On 05/17/2013 11:00 PM, Lluís Batlle i Rossell wrote:
> Hello,
>
> I tried gnutls 3.1 and 3.2.0 on https://archive.org (with wget and
> gnutls-cli),
> and both give me:
> Connecting to www.archive.org|207.241.224.2|:443... connected.
> GnuTLS: Could not negotiate a supported cipher suite.
> Unable to establish SSL connection.
> Enabling "EXPORT" in --priority (a friend helped me with that), made gnutls
> choose:
> |<3>| HSK[0x7a9ec0]: Selected cipher suite: RSA_AES_128_CBC_SHA1

Interesting. This server negotiates C0.13 (which is ECDHE-RSA-AES256-SHA), and selects SSL 3.0. This ciphersuite is only defined for TLS 1.0 or later and that's why gnutls rejects it and closes the connection. This was a bug of a particular openssl version on Debian. If this is a widespread issue we may try to work around it in gnutls and allow elliptic curves even in SSL 3.0.

regards,
Nikos
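
Added example, not part of the original message and not GnuTLS code: a small ServerHello parser that flags the mismatch described in the reply above, an RFC 4492 elliptic-curve suite (code points 0xC001 to 0xC019) selected together with protocol version SSL 3.0. The helper names and the sample records are constructed for illustration.

```python
import struct

# RFC 4492 ECC cipher suites occupy 0xC001..0xC019 and are defined for TLS 1.0+.
ECC_SUITES = range(0xC001, 0xC01A)
SSL3 = 0x0300

def parse_server_hello(record: bytes):
    """Return (server_version, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Fixed prefix: version(2) + random(32) + session_id length(1) = 35 bytes.
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")
    off = 35 + hello[34]                 # skip the variable-length session id
    if len(hello) < off + 3:             # cipher_suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[off:off + 2], "big")
    return version, suite

def ecc_suite_under_ssl3(record: bytes) -> bool:
    """True when the server picked an ECC suite while selecting SSL 3.0."""
    version, suite = parse_server_hello(record)
    return version == SSL3 and suite in ECC_SUITES

def build_server_hello(version: int, suite: int) -> bytes:
    """Constructed sample input: zero random, empty session id, null compression."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

if __name__ == "__main__":
    # 0xC013 is the "C0.13" from the reply; 0x002F is RSA_AES_128_CBC_SHA1.
    for ver, suite in [(0x0300, 0xC013), (0x0301, 0xC013), (0x0300, 0x002F)]:
        rec = build_server_hello(ver, suite)
        print(f"version={ver:#06x} suite={suite:#06x} mismatch={ecc_suite_under_ssl3(rec)}")
```
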
