[Help-gnutls] client hello refused
kyle cronan
kyle at pbx.org
Thu Feb 22 07:52:26 CET 2007
Hello,
My question is about how to debug the situation where the TLS server
closes the connection right after the client hello message is sent
(gnutls 1.4.5). I didn't have much luck searching the list archives
for hello!
Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
compression_methods and client_version are candidates for causing
trouble? I believe I tried all the different client versions using
--protocols, and I see from gnutls_handshake.c that the extensions are
only sent if we're using a TLS version, not SSL3. So it shouldn't be
a protocol extension that's causing the problem either. That just
leaves ciphers and compression methods. But wouldn't I get an error
like "could not negotiate a supported cipher suite"? Have servers
been known to just close the connection without giving a handshake
failure?
Unfortunately the server software is some unknown black box type
stuff. It does work with openssl s_client though (0.9.7a), even when
I select various single ciphers with the -cipher option.
Thanks,
Kyle Cronan
<kyle at pbx.org>
More information about the Gnutls-help
mailing list