[gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637)

[Read-only notification of GnuTLS library development activities]

Gene created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1637



The following fails 

`gnutls-cli www.sapience.com`
`

with
```
Processed 174 CA certificate(s).
...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [47]: Illegal parameter
```

Adding --priority=SECURE128 also fails, but using SECURE192 or higher allows gnutls-cli to work.

Log files from -d 100 for both cases provided below

By comparison the following all work fine:

- chrome, firefox 
- openssl s_client -connect
- sq network wkd search arch at sapience.com
- curl

This issue causes gpg to fail when it tries to retrieve public keys using WKD.

Logs:
[log.txt](/uploads/9b01dac6931f62ddfb8a7673e8187f23/log.txt)
[log-192.txt](/uploads/8c3976778ab2782fc0af4f8467e46946/log-192.txt)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241231/0559fd6b/attachment.html>