Re: gnuTLS 3.0.20 - 'Fatal error: The TLS connection was non-properly te
From:
Scott McGillivray
Subject:
Re: gnuTLS 3.0.20 - 'Fatal error: The TLS connection was non-properly terminated' against Cisco load balancers
Date:
Mon, 18 Jun 2012 09:50:27 +0100
I've tried with OpenSSL 0.9.8k and OpenSSL 1.0.1 which both work ok with no special options. The Cisco CSS is quite an old load balancer and doesn't support TLS 1.1 let alone TLS 1.2 so I'm not sure why openssl 1.0.1c would fail until you specifically told it to ignore TLS 1.2. I thought as part of the negotiation, openssl would have detected that TLS 1.0 was only supported.
I had a quick look through the openssl changelog (http://www.openssl.org/news/changelog.html) to see if there was any obvious changes between 1.0.1 and 1.0.1c that might cause the problem but nothing jumped out to me.
I don't know if the problem see in openssl 1.0.1c might be related to the problem I'm seeing in gnutls 3.0.20? I couldn't see a similar option for gnutls-cli to force TLS 1.0 or ignore TLS 1.2 for me to test.