Andy Clayton <[EMAIL PROTECTED]> writes:

>> 2) we need someone to debug the problem further. A publicly reachable
>> server that exhibits the same problem would help, or if you can run
>> gnutls under gdb against this particular server and step through the
>> code and find out what happens.
>
> For another example server which exhibits the problem and reports
> itself as IBM: https://www99.americanexpress.com/.

Thanks! It appears as if that server simply refuses to talk to a client
that advertises that it supports TLS 1.1.

This works:

  [EMAIL PROTECTED]:~$ gnutls-cli -p 443 www99.americanexpress.com -d 4711 --priority NORMAL:-VERS-TLS1.1

This does not:

  [EMAIL PROTECTED]:~$ gnutls-cli -p 443 www99.americanexpress.com -d 4711 --priority NORMAL

The server simply disconnects without sending any TLS alert or anything.
I can't interpret this as anything other than a server bug.

The reason OpenSSL works against the server is that OpenSSL doesn't
support TLS 1.1 (at least the OpenSSL installed on my system). If
anyone can talk to the server using a client that advertises support for
TLS 1.1, then it would be a GnuTLS bug that I'd be very interested in
tracking down further!

Can others test whether disabling TLS 1.1 support makes other similar
servers start to work?

/Simon
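
Added example, not part of the original message and not GnuTLS code: a sketch of where the advertised version sits in a ClientHello (the client_version field, 3.1 for TLS 1.0 and 3.2 for TLS 1.1) and how the first reply to each offer can be classified to recognise the behaviour described above. The function names, the record-layer version 3.1, the single cipher suite and the sample reply bytes are assumptions constructed for illustration; capturing real replies is left to the reader.

```python
import struct

VERSIONS = {(3, 1): "TLS1.0", (3, 2): "TLS1.1"}

def client_hello(version):
    """Minimal ClientHello record whose client_version field is `version`."""
    body = (bytes(version)            # client_version: highest version offered
            + bytes(32)               # random (all zero: constructed, not for real use)
            + b"\x00"                 # empty session_id
            + b"\x00\x02\x00\x2f"     # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x01\x00")            # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def advertised_version(record):
    """Read client_version back out of a ClientHello record."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    return VERSIONS.get((record[9], record[10]), "unknown")

def classify_reply(data):
    """Classify the first bytes a server sends back after the ClientHello."""
    if not data:
        return "closed-without-alert"
    if data[0] == 0x15 and len(data) >= 7:
        return "alert-%d" % data[6]          # alert description code
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        return "server-hello-" + VERSIONS.get((data[9], data[10]), "unknown")
    return "unexpected"

def diagnose(replies):
    """replies maps the version offered to the raw first reply from the server."""
    outcome = {v: classify_reply(r) for v, r in replies.items()}
    if (outcome.get("TLS1.1") == "closed-without-alert"
            and outcome.get("TLS1.0", "").startswith("server-hello")):
        return "version-intolerant server", outcome
    if outcome.get("TLS1.1", "").startswith("server-hello"):
        return "server tolerates TLS1.1 offer", outcome
    return "inconclusive", outcome

# Constructed replies matching the behaviour reported in the message above:
# nothing at all for the TLS 1.1 offer, a TLS 1.0 ServerHello for the 1.0 offer.
SERVER_HELLO_10 = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01" + bytes(36)
SAMPLE = {"TLS1.1": b"", "TLS1.0": SERVER_HELLO_10}

if __name__ == "__main__":
    print(advertised_version(client_hello((3, 2))), diagnose(SAMPLE)[0])
```

A server that answers the TLS 1.1 offer with a TLS 1.0 ServerHello is behaving correctly (it negotiates down), which is why that case is reported as tolerant rather than broken.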

