Your message dated Sun, 29 Jul 2012 13:21:34 +0200 with message-id <[email protected]> and subject line Re: Bug#683160: [gnutls-bin] can't connect to hosts which allow only SSLv3 has caused the Debian Bug report #683160, regarding [gnutls-bin] can't connect to hosts which allow only SSLv3 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 683160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683160 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: gnutls-bin Version: 3.0.20-3 Severity: important --- Please enter the report below this line. --- I can't connect to hosts which allow only SSLv3 : $ gnutls-cli -V www.ovh.com Processed 152 CA certificate(s). Resolving 'www.ovh.com'... Connecting to '213.186.33.34:443'... |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data *** Fatal error: The TLS connection was non-properly terminated. No certificates found! *** Handshake has failed GnuTLS error: The TLS connection was non-properly terminated. Note that *openssl* is also affected, but browsers like Lynx, Iceweasel, Chromium or Empathy doesn't have any trouble. For information : Resolving 'www.ovh.com'... Connecting to '213.186.33.34:443'... Checking for SSL 3.0 support... yes Checking whether %COMPAT is required... yes Checking for TLS 1.0 support... yes Checking for TLS 1.1 support... no Checking fallback from TLS 1.1 to... failed Checking for TLS 1.2 support... no Checking whether we need to disable TLS 1.2... yes Checking whether we need to disable TLS 1.1... no Checking whether we need to disable TLS 1.0... N/A Checking for Safe renegotiation support... no Checking for Safe renegotiation support (SCSV)... no Checking for HTTPS server name... Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8g mod-xslt/1.3.9 Checking for version rollback bug in RSA PMS... no Checking for version rollback bug in Client Hello... no Checking whether the server ignores the RSA PMS version... yes Checking whether the server can accept Hello Extensions... yes Checking whether the server can accept small records (512 bytes)... yes Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes Checking whether the server can accept a bogus TLS record version in the client hello... yes Checking for certificate information... - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `serialNumber=424761419,jurisdictionOfIncorporationCountryName=FR,jurisdictionOfIncorporationStateOrProvinceName=Nord,jurisdictionOfIncorporationLocalityName=ROUBAIX,businessCategory=Private Organization,C=FR,postalCode=59100,ST=NORD,L=ROUBAIX,STREET=2 rue Kellermann,O=OVH,OU=0002 424761419,OU=Comodo EV SSL,CN=www.ovh.com', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO Extended Validation Secure Server CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-11-15 00:00:00 UTC', expires `2012-12-14 23:59:59 UTC', SHA-1 fingerprint `7cd98892f7ac15dd5e7cafe8849bd095a0be478b' Public Key Id: 7d9b7c7c7477972d2a4223c57c9fc4d364c6d001 Public key's random art: +--[ RSA 2048]----+ | E==. | | o . =o | | + . + . | | . o o o o| | . S . + ..B| | o . o = o=| | . . = o .| | . . . . | | | +-----------------+ -----BEGIN CERTIFICATE----- MIIGCzCCBPOgAwIBAgIRAP5yZ3AgXe9rxJLNYz1GxeMwDQYJKoZIhvcNAQEFBQAw gY4xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTQwMgYD VQQDEytDT01PRE8gRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB MB4XDTEwMTExNTAwMDAwMFoXDTEyMTIxNDIzNTk1OVowggEnMRIwEAYDVQQFEwk0 MjQ3NjE0MTkxEzARBgsrBgEEAYI3PAIBAxMCRlIxFTATBgsrBgEEAYI3PAIBAhME Tm9yZDEYMBYGCysGAQQBgjc8AgEBEwdST1VCQUlYMR0wGwYDVQQPExRQcml2YXRl IE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCRlIxDjAMBgNVBBETBTU5MTAwMQ0wCwYD VQQIEwROT1JEMRAwDgYDVQQHEwdST1VCQUlYMRkwFwYDVQQJExAyIHJ1ZSBLZWxs ZXJtYW5uMQwwCgYDVQQKEwNPVkgxFzAVBgNVBAsTDjAwMDIgNDI0NzYxNDE5MRYw FAYDVQQLEw1Db21vZG8gRVYgU1NMMRQwEgYDVQQDEwt3d3cub3ZoLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtN079K6hcWtDUsL0vGUkmbthxr SNPT5jLeQiit12tXpbPM/1zyZl82CMOM6p+8gxLNhbS4yPd8Dk7bFyOhada+1+00 81ybgNlGMRzN+7z+RLNUp6WYgP1gXYrQWhKBqsPiyMN+yprk21ynykqDF7xTlWNe CuTYcxdJRThNTipnJUM320GPEZANVXV/mHweslpqKaR0K6lG2Hw4PYKktGT2W8b5 WIywAITFYiqMZPNNOVZ/Mp0eL8S7JgvYb0VyAhpC6JKQlHdtngsptDSaFozgKLXM +GxfrK4RoITbT/h+z0yfPI+bXpZ9f/8JgveQUF9Gg++fbLedsSYTpcENY/kCAwEA AaOCAcYwggHCMB8GA1UdIwQYMBaAFIhEUf9QKmleLYj0IbrZDPLOy+p8MB0GA1Ud DgQWBBSK86JIAwloq1MFsrg2zXVUpStGdTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwRgYDVR0gBD8w PTA7BgwrBgEEAbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUu Y29tb2RvLmNvbS9DUFMwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL2NybC5jb21v ZG9jYS5jb20vQ09NT0RPRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0Eu Y3JsMIGEBggrBgEFBQcBAQR4MHYwTgYIKwYBBQUHMAKGQmh0dHA6Ly9jcnQuY29t b2RvY2EuY29tL0NPTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB LmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMB8GA1Ud EQQYMBaCC3d3dy5vdmguY29tggdvdmguY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB3 HpLHEz7KGU8s0h0j0QfhHiIzHIISiMGTDz0mbi06Qmtl1E+yLm4BfvsKb94G6lDW lQ45EesY0UPEqHitBormTJGcv7YW6X8/XEzizH+DitIp9LzpNWJxEod+vymHXDG9 uOz55yP1Z1Ohd8MDLG5QilWxYW4ErHsu8zqqFGsJwErbujPVkOFNIoix34pN1tRZ XnI7+aBHS4BMofoJoOgiH/V/DeN80qA5K2pCt1UAsnPh6A8CEmeyb/3HmivWAYox WIg/7pOQetziVA38G66RwMLCPFwwxObchCBB0Z1iXya7jD7lxdeiPca3tORvPos7 Io1qdN+8clSEHBOuUYjw -----END CERTIFICATE----- - Certificate[1] info: - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO Extended Validation Secure Server CA', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-05-24 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `dc8cdb26f52c36e71b4c11be6620c5913b25e35d' Public Key Id: 43b45efa6eaf6e116cdce2f579f21607a5ea5179 Public key's random art: +--[ RSA 2048]----+ | . | | . . .| | oo.. + | | o o* o = E| | So + + + | | oo o +.o| | .o . +o| | .o . o| | ++o. . | +-----------------+ -----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 -----END CERTIFICATE----- - Certificate[2] info: - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO Certification Authority', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-11 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `450ddcd5b26d0dbf983b4742bde543e06662efb3' Public Key Id: 11e491d1c9e4c0eb9acecf73545de1f1a8303ec3 Public key's random art: +--[ RSA 2048]----+ | o**.. o.| | .o=+ ..+| | o.+ ..o.| | .+ o... | | .S E.. | | . .o | | o . | | .o.. . | | .o.oo | +-----------------+ -----BEGIN CERTIFICATE----- MIIE8TCCA9mgAwIBAgIQS3VXgmk5DJvjLxLsX22UXjANBgkqhkiG9w0BAQUFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTEwMDIxMTAwMDAwMFoXDTIwMDUzMDEwNDgzOFow gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3 lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5 8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec 4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0 LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0 cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA A4IBAQBNhw1QMPOCXcQ/1O/ujUjj572Qa8QyOMZeKKtcpa1h+Y67hRQ5IVFbjozc F5KAL4OUaYjBvieOT5+pg9i+14eScaO2/RF0uJWBKCB3DUN3dXY4HU0bLpeJjAob ZhZS1BSab4BIFt4wwEJo6r+iuipETayJ4vPMU5vj5h1uT5if2Q5RUIbgGjQyJIB9 OofzPOVaTbeLvQokDa7b9I9c0mYMghxyN7bRudCYNBsnbYteHkBzGPqo5MbokMOr GeTBoc1M1Dq2iMjz0GVhOr8Y9K8cVqnrlzjZICkfPyopR52KD2oSgUQCIdQ7Ohor HkBDfZSgaQ78LvtS9v0uMtjLa73r -----END CERTIFICATE----- - Certificate[3] info: - subject `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `02faf3e291435468607857694df5e45b68851868' Public Key Id: 4f9c7d21799cad0ed8b90c579f1a0299e790f387 Public key's random art: +--[ RSA 2048]----+ | | | + o o | | B .o * .| | .B=.= +.| | S *E*oo..| | o +o=o | | . o.. | | | | | +-----------------+ -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- Checking for trusted CAs... Checking whether the server understands TLS closure alerts... no Checking whether the server supports session resumption... no Checking for export-grade ciphersuite support... no Checking RSA-export ciphersuite info... N/A Checking for anonymous authentication support... no Checking anonymous Diffie-Hellman group info... N/A Checking for ephemeral Diffie-Hellman support... no Checking ephemeral Diffie-Hellman group info... N/A Checking for ephemeral EC Diffie-Hellman support... no Checking ephemeral EC Diffie-Hellman group info... N/A Checking for AES-GCM cipher support... no Checking for AES-CBC cipher support... yes Checking for CAMELLIA cipher support... no Checking for 3DES-CBC cipher support... yes Checking for ARCFOUR 128 cipher support... yes Checking for ARCFOUR 40 cipher support... no Checking for MD5 MAC support... yes Checking for SHA1 MAC support... yes Checking for SHA256 MAC support... no Checking for ZLIB compression support... no Checking for max record size... no Checking for OpenPGP authentication support... no --- System information. --- Architecture: amd64 Kernel: Linux 3.2.0-3-amd64 Debian Release: wheezy/sid 500 unstable apt.daevel.fr 1 experimental apt.daevel.fr --- Package information. --- Depends (Version) | Installed =============================-+-============== libc6 (>= 2.4) | 2.13-35 libgmp10 | 2:5.0.5+dfsg-2 libgnutls28 (>= 3.0.20-0) | 3.0.20-3 libhogweed2 | 2.4-2 libidn11 (>= 1.13) | 1.25-2 libnettle4 | 2.4-2 libopts25 (>= 1:5.12) | 1:5.12-0.1 libp11-kit0 (>= 0.11) | 0.12-3 libtasn1-3 (>= 1.6-0) | 2.13-2 zlib1g (>= 1:1.1.4) | 1:1.2.7.dfsg-13 Package's Recommends field is empty. Package's Suggests field is empty.
--- End Message ---
--- Begin Message ---On 2012-07-29 Olivier Bonvalet <[email protected]> wrote: > Package: gnutls-bin > Version: 3.0.20-3 > Severity: important > --- Please enter the report below this line. --- > I can't connect to hosts which allow only SSLv3 : > $ gnutls-cli -V www.ovh.com > Processed 152 CA certificate(s). > Resolving 'www.ovh.com'... > Connecting to '213.186.33.34:443'... > |<1>| Note that the security level of the Diffie-Hellman key exchange has > been lowered to 512 bits and this may allow decryption of the session data > *** Fatal error: The TLS connection was non-properly terminated. > No certificates found! > *** Handshake has failed > GnuTLS error: The TLS connection was non-properly terminated. > Note that *openssl* is also affected, but browsers like Lynx, Iceweasel, > Chromium or Empathy doesn't have any trouble. [...] Afaict the server is broken. You can connect to it with gnutls-cli --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0 www.ovh.com or gnutls-cli --priority=NORMAL:%COMPAT:-VERS-TLS1.2:-VERS-TLS1.1 www.ovh.com cu andreas
--- End Message ---
