On Sat, 3 May 2008, Simon Josefsson wrote:
Yes, it is a hard disconnect, it doesn't even respond to the client
hello, which is quite nasty. Could you try adding --disable-extensions
to see if that works?
adding --disable-extensions didn't help, nor did it disable all
extensions
Did this bug start to appear with more recent gnutls versions? Or have
you always seen it with this server, regardless of gnutls version?
Hard to say when it started, it may have always been there, I ran into
it when Debian moved the ldap packages from openssl to gnutls
My understanding is that these servers support ssl1-3, but not tls -
and forcing sslv3 does work; but you can't do that from ldap/slapd.
Script started on Sun 04 May 2008 02:15:12 AM UTC
sh-3.2# gnutls-cli -d 4711 --disable-extensions -p 636 bluepages.ibm.com
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[21ed970]: Sending extension CERT_TYPE
|<3>| HSK[21ed970]: CLIENT HELLO was send [88 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[21ed970]: Sending Packet[0] Handshake(22) with length: 88
|<7>| WRITE: Will write 93 bytes to 4.
|<7>| WRITE: wrote 93 bytes to 4. Left 0 bytes. Total 93 bytes.
|<7>| 0000 - 16 03 02 00 58 01 00 00 54 03 02 48 1d 1c 3d 72
|<7>| 0001 - 51 9b 21 d6 33 d7 48 5f da 86 09 74 97 7a 4d 2f
|<7>| 0002 - 2a 75 71 14 54 d3 ad bc 08 92 1f 00 00 24 00 33
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87
|<7>| 0004 - 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05
|<7>| 0005 - 00 04 01 00 00 07 00 09 00 03 02 00 01
|<4>| REC[21ed970]: Sent Packet[1] Handshake(22) with length: 93
|<7>| READ: Got 0 bytes from 4
|<7>| READ: read 0 bytes from 4
|<7>| 0000 -
|<2>| ASSERT: gnutls_buffers.c:638
|<2>| ASSERT: gnutls_record.c:907
|<2>| ASSERT: gnutls_buffers.c:1152
|<2>| ASSERT: gnutls_handshake.c:1021
|<2>| ASSERT: gnutls_handshake.c:2322
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
sh-3.2# exit
Script done on Sun 04 May 2008 02:15:26 AM UTC
--
Rick Nelson
Why use Windows, since there is a door?
(By [EMAIL PROTECTED], Andre Fachat)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
