[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Error when viewing HTTPS pages with a browser using GnuTLS
|
From: |
Daniel Kahn Gillmor |
|
Subject: |
Re: Error when viewing HTTPS pages with a browser using GnuTLS |
|
Date: |
Wed, 28 Mar 2012 16:13:35 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:10.0.3) Gecko/20120325 Icedove/10.0.3 |
On 03/28/2012 09:17 AM, Matthew Carter wrote:
> You can see an occurrence of the first error at:
>
> https://time.techni-serve.com
>
> you can also see a similar error ("SSL Handshake Failed") via:
>
> https://www.microsoft.com
>
> The failure is consistent with both the vimprobable2 browser and using
> the gnutls-cli to connect (same error message in output in both cases).
Thanks! I see the same thing you do with gnutls-cli, so i can confirm
this as an issue with their servers. I see those connection failures
even with the priority string NORMAL:+%COMPAT :(
FWIW, i can get connections to work with both of the above using the
following priority string:
NORMAL:-VERS-TLS1.1:-VERS-TLS1.2
That is, it looks like these two servers sending fatal alerts to any
client that advertises support for TLS1.1 or TLS1.2 :(
They both negotiate to TLS1.0, though.
> I would guess it is an IIS issue as both sites are running IIS 6.0.
https://en.wikipedia.org/wiki/Internet_Information_Services suggests
that 6.0 was released with Windows Server 2003, and superceded by IIS
7.0 with the release of Windows Server 2008. I'm a little surprised to
see www.microsoft.com running such an old version on their flagship web
site. other MS sites (e.g. technet.microsoft.com) are using IIS 7.5 by now.
I'm not sure the right way to deal with this from GnuTLS is. Should we
be doing anything differently to accommodate these non-compliant servers?
--dkg
signature.asc
Description: OpenPGP digital signature