[gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jan 7 15:20:41 CET 2025

Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058


Server is nginx. Still, it is interesting that everything from browsers to curl to sequoia all work while gnutls fails.

I'm just a user and TLS handshake details are outside my expertise.
Is it possible, say, that whatever the gnutls client provides (e.g. the transcript hash) is somehow causing the server to reject it with illegal parameter, rather than nginx being buggy?

Ignore if I am off base here but for example, RFC 8446 says:

```
Note: The handshake transcript incorporates the initial
   ClientHello/HelloRetryRequest exchange; it is not reset with the
   new ClientHello
```

So as a wild guess, this could go sideways if the transcript hash was reset instead of retained with the new ClientHello.

But as I said, not my area. I defer to others.

@tomato42 thanks for sharing your thoughts.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058
You're receiving this email because of your account on gitlab.com.
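The RFC 8446 note quoted in the comment above concerns how the TLS 1.3 transcript hash is carried across a HelloRetryRequest. The following is an added illustration, not code from the GnuTLS project or from anyone in this thread, and it goes one step beyond the quoted note: RFC 8446 section 4.4.1 does not simply keep ClientHello1 in the transcript, it replaces it with a synthetic `message_hash` handshake message (type 254) that carries Hash(ClientHello1), followed by the HelloRetryRequest and ClientHello2. The script builds that transcript, derives a Finished verify_data from it with the TLS 1.3 HKDF-Expand-Label construction, and shows that a peer which resets its transcript at the HRR computes a verify_data the other side will not accept. The handshake bodies, the traffic secret and the use of SHA-256 are constructed stand-ins for the example; they are not taken from any real capture.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256                # assumption: a SHA-256 cipher suite (e.g. TLS_AES_128_GCM_SHA256)
HASH_LEN = HASH().digest_size
HT_CLIENT_HELLO = 1
HT_SERVER_HELLO = 2                  # HelloRetryRequest is a ServerHello with a special Random
HT_MESSAGE_HASH = 254                # RFC 8446 section 4.4.1, synthetic "message_hash" handshake type


def handshake_message(msg_type: int, body: bytes) -> bytes:
    """Frame a body as a Handshake message: 1-byte msg_type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def transcript_with_hrr(client_hello1: bytes, hello_retry_request: bytes, client_hello2: bytes) -> bytes:
    """Transcript-Hash after an HRR exchange, per RFC 8446 section 4.4.1:
    Hash(message_hash || HelloRetryRequest || ClientHello2), where message_hash
    is a Handshake message of type 254 whose body is Hash(ClientHello1)."""
    message_hash = handshake_message(HT_MESSAGE_HASH, HASH(client_hello1).digest())
    return HASH(message_hash + hello_retry_request + client_hello2).digest()


def transcript_reset_at_hrr(client_hello2: bytes) -> bytes:
    """The defective variant the comment speculates about: the transcript is
    restarted at the second ClientHello, so ClientHello1 and the HRR are lost."""
    return HASH(client_hello2).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label(Secret, Label, Context, Length) from RFC 8446 section 7.1."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:                       # HKDF-Expand (RFC 5869), one block per round
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def finished_verify_data(base_key: bytes, transcript_hash: bytes) -> bytes:
    """verify_data = HMAC(finished_key, Transcript-Hash), RFC 8446 section 4.4.4."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, transcript_hash, HASH).digest()


def simulate(client_resets_transcript: bool) -> bool:
    """Return True when the client's Finished verify_data matches what the server expects.
    All messages and the secret below are constructed placeholders for the example."""
    ch1 = handshake_message(HT_CLIENT_HELLO, b"constructed ClientHello1, key_share for a group the server rejects")
    hrr = handshake_message(HT_SERVER_HELLO, b"constructed HelloRetryRequest, selected_group x25519")
    ch2 = handshake_message(HT_CLIENT_HELLO, b"constructed ClientHello2, key_share x25519")
    base_key = b"\x11" * HASH_LEN                  # constructed stand-in for a handshake traffic secret

    server_th = transcript_with_hrr(ch1, hrr, ch2)  # server keeps CH1 (as message_hash) and the HRR
    if client_resets_transcript:
        client_th = transcript_reset_at_hrr(ch2)
    else:
        client_th = transcript_with_hrr(ch1, hrr, ch2)

    expected = finished_verify_data(base_key, server_th)
    received = finished_verify_data(base_key, client_th)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    print("transcript retained across HRR, Finished accepted:", simulate(False))
    print("transcript reset at HRR, Finished accepted:      ", simulate(True))
```

The practical point for anyone debugging an HRR failure is the shape of the transcript: both sides must feed the 4-byte `message_hash` header plus the digest of ClientHello1, then the HRR bytes, then ClientHello2, in that order and nothing else. A mismatch in that construction shows up only when the first keyed check is made (CertificateVerify or Finished), so an alert sent earlier in the handshake points at something other than the transcript.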



