registry team mailing list archive

Thread
Date

[Bug 332615] Re: svn co on SSL repository fails ("SSL negotiation failed: Secure connection truncated") due to libneon bug

To: registry@xxxxxxxxxxxxxxxxxxx
From: Troels Liebe Bentsen <tlb@xxxxxxxxxxx>
Date: Tue, 11 May 2010 19:31:34 -0000
Reply-to: Bug 332615 <332615@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Seems to be a problem with gnutls and TLS 1.1 at least on the site I'm
having problems, eg.

gnutls-cli --priority "NORMAL:%COMPAT" dit-subversion.cbs.dk
Resolving 'dit-subversion.cbs.dk'...
Connecting to '130.226.47.44:443'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

# Try with TLS1.1 disabled, ie. try with TLS1.0
gnutls-cli --priority "NORMAL:%COMPAT:-VERS-TLS1.1" dit-subversion.cbs.dk
Resolving 'dit-subversion.cbs.dk'...
Connecting to '130.226.47.44:443'...
 - Certificate type: X.509
 - Got a certificate list of 1 certificates.
....

The sites is a running a Cisco Netscaler for the SSL that does not
support TLS 1.1, the version of gnutls being used in Ubuntu defaults to
TLS 1.1 and does not try with TLS 1.0 when this fails.

This bug is present in Intrepid, Karmic and Lucid.

-- 
svn co on SSL repository fails ("SSL negotiation failed: Secure connection truncated") due to libneon bug
https://bugs.launchpad.net/bugs/332615
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.