On 2012/07/28 13:48, Jan Stary wrote: > > gnutls_handshake failed -110 fatal 1 GNUTLS version is too old > to provide human readable error. > > I am not very proficient in the ways of TLS, so please bare with me. > Is this one error (namely, that my GNUTLS is too old to make a handshake), > or two separate errors (namely, that the handshake failed, and moreover, > it cannot provide a readable error)?
I think you should forget about debugging in the browser and move to the simpler tools, $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu Processed 36 CA certificate(s). Resolving 'cz.mbank.eu'... Connecting to '193.41.230.85:443'... *** Fatal error: The TLS connection was non-properly terminated. No certificates found! *** Handshake has failed GnuTLS error: The TLS connection was non-properly terminated. So, as this basic gnutls tool also fails, there's no point trying to debug via a browser. If you turn on debugging in gnutls-cli you see that gnutls writes some data and then tries to read from the server but gets zero bytes back, I imagine the remote side didn't like something sent to it and dropped the connection.. Trying with --disable-extensions, same. Might be worth playing with different --priorities strings perhaps. Do you have another OS handy with a recent gnutls 3.x you can test to identify whether the problem is specific to OpenBSD or the port, or whether it's a general gnutls problem? If it affects other OS too, you're probably better off reporting it upstream.
