xombrero - gnutls_handshake failed

Sat, 28 Jul 2012 04:50:28 -0700 

Firstly: thank you, developers of xombrero.
I am gradually moving everything from Firefox.


I am having a problem with one of my https bankings:
https://cz.mbank.eu/logon.aspx

I did a ":js save" and ":cookie save" for the site.
Then I try a "cert save", and get

        gnutls_handshake failed -110 fatal 1 GNUTLS version is too old
        to provide human readable error.

I am not very proficient in the ways of TLS, so please bare with me.
Is this one error (namely, that my GNUTLS is too old to make a handshake),
or two separate errors (namely, that the handshake failed, and moreover,
it cannot provide a readable error)?

My GNUTLS is gnutls-3.0.21p0, as pkg_add-ui'd yesterday
after an upgrade to current/amd64.

The bank says they are using TLS 1.0,
triple DES with a 168 bit key.

Xombrero does just fine with various other https sites,
including other bankings, after :js and :cookie are enabled.

Here's a tcpdump of the failed ":cert save".

13:33:11.063718 box.stare.cz.35418 > 193.41.230.85.https: S 
2760109662:2760109662(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 
3,nop,nop,timestamp 182448863 0> (DF)
13:33:11.104281 193.41.230.85.https > box.stare.cz.35418: S 
22409363:22409363(0) ack 2760109663 win 8760 <mss 1460,eol>
13:33:11.104343 box.stare.cz.35418 > 193.41.230.85.https: . ack 1 win 16384 (DF)
13:33:11.104977 box.stare.cz.35418 > 193.41.230.85.https: P 1:190(189) ack 1 
win 16384 (DF)
13:33:11.146863 193.41.230.85.https > box.stare.cz.35418: F 1:1(0) ack 190 win 
12099
13:33:11.146921 box.stare.cz.35418 > 193.41.230.85.https: . ack 2 win 16384 (DF)
13:33:11.147086 box.stare.cz.35418 > 193.41.230.85.https: F 190:190(0) ack 2 
win 16384 (DF)
13:33:11.147550 193.41.230.85.https > box.stare.cz.35418: R 2:2(0) ack 190 win 
12099
13:33:11.147700 193.41.230.85.https > box.stare.cz.35418: R 2:2(0) ack 190 win 
12099
13:33:11.188900 193.41.230.85.https > box.stare.cz.35418: R 
22409365:22409365(0) win 12288
13:33:11.189177 193.41.230.85.https > box.stare.cz.35418: R 
22409365:22409365(0) win 12288

So it seems i get a FIN immediately after trying to send something.

Noticing that the bank server's name is not resolved,
yes, this is a bank that does not have DNS set up properly.
(Could that be it?)

# host cz.mbank.eu
cz.mbank.eu has address 193.41.230.85
cz.mbank.eu mail is handled by 0 war01mail2.brebank.com.pl.
cz.mbank.eu mail is handled by 0 war01mail1.brebank.com.pl.
# host 193.41.230.85
Host 85.230.41.193.in-addr.arpa. not found: 3(NXDOMAIN)

        Jan

Reply via email to