[gnutls-devel] gnutls 3.2.6+: connection to api.dreamhost.com hangs

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jan 19 14:56:26 CET 2014

On 01/19/2014 02:23 PM, Nikos Mavrogiannopoulos wrote:
> On 01/19/2014 01:34 PM, Andreas Metzler wrote:
>> Hello,
>> this is http://bugs.debian.org/733039 reported by Neil Roeth.
>> Recent versions of gnutls fail at connecting to api.dreamhost.com,
>> they just hang. Git bisect shows that breakage started with this commit:
> Hello,
>  It looks like that this site is behind the problematic firewall the
> %DUMBFW priority string option was added. Does adding the %DUMBFW option
> fix the connection? This firewall drops TLS client hello messages that
> are between 256 and 512 bytes.

And indeed that's the case. When removing DHE-DSS the client hello size
drops to 247 bytes. If it is a widespread issue maybe we can add enable
the %DUMBFW extension to clients by default.

There is even an internet draft for this extension:


More information about the Gnutls-devel mailing list