Richard A Nelson <[EMAIL PROTECTED]> writes:
> On Tue, 14 Oct 2008, Simon Josefsson wrote:
>
>> Risking the opportunity to close this bug, could you try whether you can
>> reproduce the problem using openSSL as well? You need to force it to
>> send a servername extension:
>>
>> openssl s_client -
On Tue, 14 Oct 2008, Simon Josefsson wrote:
Risking the opportunity to close this bug, could you try whether you can
reproduce the problem using openSSL as well? You need to force it to
send a servername extension:
openssl s_client -connect bluepages.ibm.com:636 -servername foo
# openssl s_c
Simon Josefsson <[EMAIL PROTECTED]> writes:
> In other words, to talk with this server you need to:
>
> 1) Disable cert_type extension (-CERT-OPENPGP)
>
> 2) Disable server_name extension (--disable-extensions with gnutls-cli)
>
> 3) Disable TLS 1.1
>
> I have no idea how to achieve 2) in openldap
Richard A Nelson <[EMAIL PROTECTED]> writes:
> On Sun, 12 Oct 2008, Simon Josefsson wrote:
>
>> I was wrong, it doesn't work like that. GnuTLS doesn't send the
>> server_name extension by default, the application needs to call
>> gnutls_server_name_set explicitly to enable it. For gnutls-cli, yo
Richard A Nelson <[EMAIL PROTECTED]> writes:
> On Sun, 12 Oct 2008, Simon Josefsson wrote:
>
>> gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority
>> NORMAL:-VERS-TLS1.1:-VERS-TLS1.0
>
> works
Ok, that means SSL 3.0 works.
>> No need to post logs if that works. You may need to transfer som
On Sun, 12 Oct 2008, Simon Josefsson wrote:
I was wrong, it doesn't work like that. GnuTLS doesn't send the
server_name extension by default, the application needs to call
gnutls_server_name_set explicitly to enable it. For gnutls-cli, you can
use --disable-extensions to avoid sending the serv
On Sun, 12 Oct 2008, Simon Josefsson wrote:
gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority
NORMAL:-VERS-TLS1.1:-VERS-TLS1.0
works
No need to post logs if that works. You may need to transfer some
application data to trigger the record padding problem though, so you
might not see fa
Simon Josefsson <[EMAIL PROTECTED]> writes:
>>> However, maybe the problem is with some extension. Then maybe disabling
>>> that extension should be sufficient, and you don't need to disable TLS
>>> 1.0.
>>
>> Indeed, it'd be nice to drop just the problematic extension, if feasible
>
> I'm somewh
Richard A Nelson <[EMAIL PROTECTED]> writes:
>> Maybe it doesn't like TLS 1.1 _and_ doesn't like record padding. later:
>> Reading your logs suggests this will not work, record padding is only
>> effective after handshake is complete.
>>
>> Btw, could you also try this command:
>>
>> gnutls-cli -
On Sun, 12 Oct 2008, Simon Josefsson wrote:
At least I understand the three _other_ problems reported in this bug
now...
;) Still better off than before
Ok. The random success is interesting.
I thought so as well - I wonder if the server (regional IP - I always
see the same IP due to DNS
Richard A Nelson <[EMAIL PROTECTED]> writes:
> On Sat, 11 Oct 2008, Simon Josefsson wrote:
>
>> I believe we may be close to understanding this entire bug report now.
>
> Cool ;)
At least I understand the three _other_ problems reported in this bug
now...
>> The remaining step is to check whethe
On Sat, 11 Oct 2008, Simon Josefsson wrote:
I believe we may be close to understanding this entire bug report now.
Cool ;)
The remaining step is to check whether bluepages.ibm.com exhibits either
one of the two last problems. However, the server isn't accessible on
the Internet. Richard, c
I believe we may be close to understanding this entire bug report now.
For context, please review:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466477
My conclusion is that there are three different problems discussed:
The mail3.mclemente.net problem has been fixed in v2.4.0. It was a
combi
13 matches
Mail list logo
