Description of problem:
Fedora 14 server - GnuTLS 2.8.6
Fedora 15 client - GnuTLS 2.10.5

The server is initialized with the following priorities:
"NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA1:+COMP-DEFLATE"

When the client attempts to connect, the attempt fails with "handshake failed" as the reason. When I change the server to be:
"NONE:+VERS-TLS1.1:+AES-256-CBC:+RSA:+SHA1:+COMP-DEFLATE"
the connection succeeds. TLS 1.0 also works.

Version-Release number of selected component (if applicable):
gnutls-2.8.6-2.fc14.x86_64
gnutls-2.10.5-1.fc15.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up GnuTLS 2.8.6 server with the priorities above.
2. Set up GnuTLS 2.10.5 client with the same priorities.
3. Attempt to connect to the server.

Actual results:
Handshake failure.

Expected results:
Connection succeeds.

Additional info:
If I connect to a 2.10.5 server with the 2.10.5 client, it succeeds. It seems there is some incompatibility between 2.8 and 2.10. I would report upstream but they have moved on to version 2.12 and probably would not fix 2.8 or 2.10.

I'd suggest reporting it upstream anyway. If the problem is in 2.10 (or even 2.12) they would fix it.
-- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers

(In reply to comment #1)
> I'd suggest reporting it upstream anyway. If the problem is in 2.10 (or even
> 2.12) they would fix it.

Per upstream, 2.8's TLS 1.2 support was not complete and disabled by default. Perhaps it should be disabled in Fedora's build. The 2.10 version has complete TLS 1.2 support.

Red Hat 6 also has GnuTLS 2.8, which would have the incomplete TLS 1.2 implementation. I am working on a commercial app that would have used TLS 1.2, but it seems I will have to scale back to TLS 1.1 to be compatible on Red Hat boxes.

As you have to explicitly add TLS1.2 to the priority string to enable it on GNUTLS2.8, I do not think there is much to fix by the rebuild.
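
Added example, not part of the original thread or of GnuTLS: one way an application could gate TLS 1.2 on the library version, using the 2.10 threshold stated above. The helper names and the combined two-version priority string are assumptions; in a real program the version argument would come from gnutls_check_version(NULL) and the result would be passed to gnutls_priority_init().

```c
#include <stdio.h>
#include <string.h>

/* Older library: the TLS 1.1 string that worked in the report. */
#define PRIO_OLD "NONE:+VERS-TLS1.1:+AES-256-CBC:+RSA:+SHA1:+COMP-DEFLATE"
/* 2.10 or newer (constructed string): offer TLS 1.2 and keep TLS 1.1 so a
 * peer restricted to PRIO_OLD still has a protocol version in common. */
#define PRIO_NEW "NONE:+VERS-TLS1.2:+VERS-TLS1.1:+AES-256-CBC:+RSA:+SHA1:+COMP-DEFLATE"

/* Hypothetical helper: 1 if "major.minor[...]" is >= 2.10, 0 if older,
 * -1 if the string cannot be parsed. */
int lib_has_complete_tls12(const char *version)
{
    int major, minor;

    if (version == NULL || sscanf(version, "%d.%d", &major, &minor) != 2)
        return -1;
    if (major < 0 || minor < 0)
        return -1;
    return (major > 2 || (major == 2 && minor >= 10)) ? 1 : 0;
}

/* Hypothetical helper: choose the priority string for this endpoint.
 * An unparsable version falls back to the TLS 1.1 string. */
const char *pick_priority(const char *version)
{
    return lib_has_complete_tls12(version) == 1 ? PRIO_NEW : PRIO_OLD;
}

int main(void)
{
    /* Constructed sample versions; the first two are the ones in the report. */
    const char *samples[] = { "2.8.6", "2.10.5", "2.12.0", "garbage" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i], pick_priority(samples[i]));
    return 0;
}
```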