On Fri, May 15, 2015 at 07:16:37PM +0200, Andreas Metzler wrote: > On 2015-05-15 Axel Beckert <a...@debian.org> wrote: > [...] > > Thanks for that information. So this issue is likely not an issue in > > Lynx per se. Because the version in Jessie works fine on Jessie as I > > can confirm. Looks to me if it's a combination of the version of > > lynx(-cur) and the GnuTLS library. > > Hello, > > GnuTLS has become more picky when evaluating priority strings and > lynx is using an incorrect one.
Can you explain a little more what's wrong with the priority string? (I have no idea what the current value is.) So I've been looking at the packets it send, and it seems that when using lynx it's not sending a signature algorithm extention in the ClientHello at all, which for the server means it's the default and should have used sha1, rsa. Using gnutls-cli it sends a whole bunch of extensions it doesn't send with lynx including the signature alorithms. With lynx it's also sending an other cipher list, which doesn't include any GCM based cipher suite. It should probably use some default string instead. But I don't understand why gnutls would close the connection in that case and it seems you can get it into an inconsistent state. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
