[gnutls-devel] Unable to connect to https server using wget/curl with gnutls (or openssl)

Tim Ruehsen tim.ruehsen at gmx.de
Thu Dec 20 13:01:59 CET 2012


> > Hello,
> > 
> > I am having problems connecting to an HTTPS server using gnutls through
> > wget, curl and emacs.  I have contacted the company and they claim that
> > it must be a problem with my SSL implementation, so I am looking into
> > it.  I would like to not that this problem is not specific to gnutls; I
> > have built a version of curl that uses only libssl (openssl) and I still
> > have problems connecting to their server.
> > 
> > Starting from the beginning, when I try to connect to their server using
> > wget I get a 'Unable to establish SSL connection'::
> > =========================================================================
> > ==========
> > 
> > Looking further I used gnutls-cli:
> > =========================================================================
> > ========== ~ $ gnutls-cli -d 4 demoweb.efxnow.com
> > I found that "A TLS packet with unexpected length was recieved." could
> > also mean that the other side forcibly closed the connection.
> 
> It most probably mean that their implementation doesn't understand
> extensions or so.
> 
> > Finally with gnutls-cli-debug:
> > 
> > =========================================================================
> > ========== ~ $ gnutls-cli-debug -d 4 demoweb.efxnow.com
> 
> This should have been less verbose.
> 
> > Checking whether %COMPAT is required... yes
> 
> It means that you should use gnutls-cli --priority NORMAL:%COMPAT in
> order to connect to this server. This server probably cannot parse
> random padding or so. This is common in custom new implementations.

You would need NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0 in this case.

Wget --secure-protocol=SSLv3 is broken at the moment. I send will send a 
patch.

Meanwhile it would work with Mget, see https://github.com/rockdaboot/mget.

Regards,

     Tim Rühsen



More information about the Gnutls-devel mailing list