Thanks for the info. I will make the necessary changes and try connecting again. If I ignore the re-handshake using gnutls_error_is_fatal() and ignore non-fatal error. Will I able to connect to the server??
On Tue, Aug 9, 2016 at 3:28 PM, Nikos Mavrogiannopoulos <[email protected]> wrote: > On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek <[email protected]> > wrote: > >>> Hi Gnutls team, > >>> Whenever I tried to connect an Windows IIS8 server I am getting below > >>> error---- > >>> - Key Exchange: RSA > >>> - Protocol: TLS1.2 > >>> - Certificate Type: X.509 > >>> - Compression: NULL > >>> - Cipher: AES-128-CBC > >>> - MAC: SHA256 > >>> Note: SSL paramaters may change as new connections are established to > the > >>> server. > >>> /usr/bin/httpfs2-ssl: main: closing socket. > >>> /usr/bin/httpfs2-ssl: main: closing SSL socket. > >>> /usr/bin/httpfs2-ssl: main: initializing SSL socket. > >>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the > >>> peer.. > >> > >> The server requested a rehandshake but the client (httpfs2-ssl) you > >> are using didn't handle it. You'd better report it to that tool. > > what is needed on the clients part to handle the rehandshake? > > Does GnuTLS not handle rehandshake internally? > > No. Rehandshake typically means re-authentication and the application > must handle this explicitly with gnutls (see [0]). By the time you > receive such a rehandshake request by the server you can either ignore > it (which the server may or may not like), or act on it by following > the instructions on [0]. Servers typically ask for rehandshake when > the want to connected user to reauthenticate using a client > certificate or so. > > Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal > errors from gnutls_record_recv() and gnutls_handshake(). > > regards, > Nikos > > [0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html >
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
