Seems to be a problem with gnutls and TLS 1.1 at least on the site I'm having problems, eg.
gnutls-cli --priority "NORMAL:%COMPAT" dit-subversion.cbs.dk
Resolving 'dit-subversion.cbs.dk'...
Connecting to '130.226.47.44:443'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
# Try with TLS1.1 disabled, ie. try with TLS1.0
gnutls-cli --priority "NORMAL:%COMPAT:-VERS-TLS1.1" dit-subversion.cbs.dk
Resolving 'dit-subversion.cbs.dk'...
Connecting to '130.226.47.44:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
....
The sites is a running a Cisco Netscaler for the SSL that does not support TLS 1.1, the version of gnutls being used in Ubuntu defaults to TLS 1.1 and does not try with TLS 1.0 when this fails.
This bug is present in Intrepid, Karmic and Lucid.
Seems to be a problem with gnutls and TLS 1.1 at least on the site I'm having problems, eg.
gnutls-cli --priority "NORMAL:%COMPAT" dit-subversion. cbs.dk .cbs.dk' ... 47.44:443' ...
Resolving 'dit-subversion
Connecting to '130.226.
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
# Try with TLS1.1 disabled, ie. try with TLS1.0 %COMPAT: -VERS-TLS1. 1" dit-subversion. cbs.dk .cbs.dk' ... 47.44:443' ...
gnutls-cli --priority "NORMAL:
Resolving 'dit-subversion
Connecting to '130.226.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
....
The sites is a running a Cisco Netscaler for the SSL that does not support TLS 1.1, the version of gnutls being used in Ubuntu defaults to TLS 1.1 and does not try with TLS 1.0 when this fails.
This bug is present in Intrepid, Karmic and Lucid.