[gnutls-devel] Unable to connect to https server using wget/curl with gnutls (or openssl)
Tim Ruehsen
tim.ruehsen at gmx.de
Thu Dec 20 13:01:59 CET 2012
> > Hello,
> >
> > I am having problems connecting to an HTTPS server using gnutls through
> > wget, curl and emacs. I have contacted the company and they claim that
> > it must be a problem with my SSL implementation, so I am looking into
> > it. I would like to not that this problem is not specific to gnutls; I
> > have built a version of curl that uses only libssl (openssl) and I still
> > have problems connecting to their server.
> >
> > Starting from the beginning, when I try to connect to their server using
> > wget I get a 'Unable to establish SSL connection'::
> > =========================================================================
> > ==========
> >
> > Looking further I used gnutls-cli:
> > =========================================================================
> > ========== ~ $ gnutls-cli -d 4 demoweb.efxnow.com
> > I found that "A TLS packet with unexpected length was recieved." could
> > also mean that the other side forcibly closed the connection.
>
> It most probably mean that their implementation doesn't understand
> extensions or so.
>
> > Finally with gnutls-cli-debug:
> >
> > =========================================================================
> > ========== ~ $ gnutls-cli-debug -d 4 demoweb.efxnow.com
>
> This should have been less verbose.
>
> > Checking whether %COMPAT is required... yes
>
> It means that you should use gnutls-cli --priority NORMAL:%COMPAT in
> order to connect to this server. This server probably cannot parse
> random padding or so. This is common in custom new implementations.
You would need NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0 in this case.
Wget --secure-protocol=SSLv3 is broken at the moment. I send will send a
patch.
Meanwhile it would work with Mget, see https://github.com/rockdaboot/mget.
Regards,
Tim Rühsen
More information about the Gnutls-devel
mailing list