Error when viewing HTTPS pages with a browser using GnuTLS

Nikos Mavrogiannopoulos nmav at
Thu Mar 29 11:42:55 CEST 2012

On Wed, Mar 28, 2012 at 10:13 PM, Daniel Kahn Gillmor
<dkg at> wrote:

>> The failure is consistent with both the vimprobable2 browser and using
>> the gnutls-cli to connect (same error message in output in both cases).
> Thanks!  I see the same thing you do with gnutls-cli, so i can confirm
> this as an issue with their servers.  I see those connection failures
> even with the priority string NORMAL:+%COMPAT :(
> FWIW, i can get connections to work with both of the above using the
> following priority string:

Microsoft servers used to drop connections from  TLS protocol versions
they didn't understand instead of doing a negotiation to the highest

A solution is, a client, to have a fallback strategy with the priority
strings at:

> I'm not sure the right way to deal with this from GnuTLS is.  Should we
> be doing anything differently to accommodate these non-compliant servers?

This is an old problem and there is not much we can do, except
pointing people to compatibility priority strings. Keeping support for
TLS 1.2 and 1.1 is important as there are issues in all the previous


More information about the Gnutls-devel mailing list