Package: gnutls28 Version: 3.0.19-2 GnuTLS 3.0.19 has a bug which causes a TLS handshake failure if a handshake packet needs to be fragmented (if a packet is larger than 16 kB). This bug is fixed in 3.0.20 which is available in Debian "sid". I am filing this bug report because I think this bug should be fixed in debian "wheezy" release (it has currently 3.0.19).
The Debian package "ca-certificates" includes so many CA certificates that if used together with GnuTLS 3.0.19 with all CA's enabled (the default), it will always produce a failed TLS handshake. The error message is: "Fatal error: A TLS packet with unexpected length was received". See the following for a discussion of the details, how to repeat, etc. of this bug: http://comments.gmane.org/gmane.network.gnutls.general/2789 See the following for 3.0.20 release notes: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6162 The specific commit which fixes this bug is here: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=6299e8a8c7371da1e674419c36cbcbe1630aef0a IMHO it would be good to get 3.0.20 in "wheezy" before the release. Best Regards, -- Janne Snabb / EPIPE Communications sn...@epipe.com - http://epipe.com/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org