After I renewed an X.509 certificate, I can no longer connect to <https://svn.generic-nic.net/NIC-generique/iana/whois/> (which is an Apache using GnuTLS) with a client using GnuTLS (clients using OpenSSL are OK).

    % openssl s_client -connect svn.generic-nic.net:443
    ...
    SSL handshake has read 1556 bytes and written 311 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Server public key is 1024 bit
    ...

But:

    % gnutls-cli -d 4 -p 443 svn.generic-nic.net
    ...
    |<4>| REC[0x996de20]: Expected Packet[3] Change Cipher Spec(20) with length: 1
    |<4>| REC[0x996de20]: Received Packet[3] Alert(21) with length: 2
    |<2>| ASSERT: gnutls_cipher.c:204
    |<4>| REC[0x996de20]: Decrypted Packet[3] Alert(21) with length: 2
    |<4>| REC[0x996de20]: Alert[2|20] - Bad record MAC - was received
    |<2>| ASSERT: gnutls_record.c:695
    |<2>| ASSERT: gnutls_record.c:1048
    |<2>| ASSERT: gnutls_handshake.c:2525
    |<2>| ASSERT: gnutls_handshake.c:2704
    *** Fatal error: A TLS fatal alert has been received.
    *** Received alert [20]: Bad record MAC
    *** Handshake has failed

A client using GnuTLS (curl) fails in the same way. A client using OpenSSL (wget) works.

On the server, I see:

    [Mon Jan 07 22:04:13 2013] [error] [client 2a01:e35:8bd9:8bb0:9f7:af8e:5649:f1ea] GnuTLS: Handshake Failed (-24) 'Decryption has failed.'

Both the client and the server are Debian stable systems, GnuTLS 2.8.6 and mod-gnutls 0.5.9. But it worked before I changed the certificate.
