On 08/18/2010 09:50 PM, Yclept Nemo wrote:
> Hi,
> While the patch also resolves the segfaults I reported when using a
> customized GnuTLSPriorities list, it seems to break any communication
> with the browser:
> GnuTLS: Handshake Failed (-8) 'A record packet with illegal version
> was received.'
> Invalid method in request \x10
> "\x10" 501 521 "-" "-"
> (GnuTLSPriorities
> NONE:+CAMELLIA-256-CBC:+AES-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+VERS-TLS1.1:+VERS-SSL3.0)

Note that your priority string is wrong. TLS1.0 is missing from this
string, thus any fallback from TLS1.1 will be to TLS1.0 that is not
supported and thus the handshake will fail. I'd suggest to use one of the
preconfigured priority strings.

> Also, I'm not sure if this is related to changes from the patch, but
> firefox (same version as above) is telling me:
> ": server does not support RFC 5746, see CVE-2009-3555"

By default it is configured to be in %PARTIAL_RENEGOTIATION mode for
maximum compatibility. This will allow non-RFC5746 compliant clients to
connect. In %SAFE_RENEGOTIATION mode non-compliant clients will fail to
connect.

> One question, does 0.5.8 incorporate patch3.txt?

Indeed.

regards,
Nikos
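A small lint for the priority-string problem described in the reply above, as an added example that is not part of the original message or of GnuTLS/mod_gnutls: it parses an explicit `NONE:+...` priority string and reports protocol versions missing between the lowest and highest enabled ones. The function names are hypothetical, and preconfigured keywords are rejected because their contents depend on the GnuTLS version in use.

```python
# Added example: lint a GnuTLS priority string for protocol-version gaps.
# Function names are hypothetical; only the explicit "NONE:+..." form is handled.

# Protocol version tokens in ascending order.
VERSION_ORDER = ["VERS-SSL3.0", "VERS-TLS1.0", "VERS-TLS1.1", "VERS-TLS1.2"]


def enabled_versions(priority):
    """Return the VERS-* tokens left enabled by a NONE-based priority string."""
    tokens = [t.strip() for t in priority.split(":") if t.strip()]
    if not tokens or tokens[0] != "NONE":
        # Keywords such as NORMAL expand to a set that depends on the GnuTLS
        # version, so this lint refuses to guess.
        raise ValueError("only priority strings starting with NONE are handled")
    enabled = set()
    for tok in tokens[1:]:
        if tok.startswith("%"):          # options such as %SAFE_RENEGOTIATION
            continue
        sign, name = tok[0], tok[1:].upper()
        if name not in VERSION_ORDER:    # ciphers, key exchange, MACs, compression
            continue
        if sign == "+":
            enabled.add(name)
        elif sign in "-!":
            enabled.discard(name)
    return enabled


def version_gaps(priority):
    """List versions missing between the lowest and highest enabled version."""
    enabled = enabled_versions(priority)
    ranks = sorted(VERSION_ORDER.index(v) for v in enabled)
    if not ranks:
        return []
    return [VERSION_ORDER[i] for i in range(ranks[0], ranks[-1] + 1)
            if VERSION_ORDER[i] not in enabled]


if __name__ == "__main__":
    # Priority string quoted in the message above.
    reported = ("NONE:+CAMELLIA-256-CBC:+AES-256-CBC:+DHE-RSA:+SHA1:"
                "+COMP-NULL:+COMP-DEFLATE:+VERS-TLS1.1:+VERS-SSL3.0")
    # Constructed variant with the missing version added.
    contiguous = reported + ":+VERS-TLS1.0"
    for s in (reported, contiguous):
        print(version_gaps(s) or "no gaps", "<-", s)
```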
