[exim-dev] [Bug 1664] New: OSCP stapling with GnuTLS results…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1664] New: OSCP stapling with GnuTLS results in dropped connections
https://bugs.exim.org/show_bug.cgi?id=1664

            Bug ID: 1664
           Summary: OSCP stapling with GnuTLS results in dropped
                    connections
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: pdp@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


Reports from Debian Jessie (8.1.0) systems of failing connections from some
(not all) clients, when stapling is enabled. The clients appear to be
non-stapling-aware. GnuTLS version is 3.3.8.

Packet capture shows:

- Client hello (nothing special, and note no cert-status-request)
-- extension: server_name
-- extension: sessionTicket
-- extension: signature_algorithms
-- extension: ec_point_formats
-- extension: elliptic_curves

- Server hello (covers 2 packets)
-- server hello
--- extension: status_request            !!!
--- extension: renegotiation_info
--- extension: ec_point_formats
-- server cert (2-element chain)
-- certificate status (for server cert)  !!!
-- server key exchange
-- server hello done


- Fatal Alert from client
-- unsupported extension

=========
- Why, when the Client hello did not include a status_request extension,
did the server include cert-status in its server hello?

- Why did the server include a status_request in its server hello?

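The mismatch in the capture above can be checked mechanically: a ServerHello extension is only valid if the ClientHello offered it. The following is an added example, not part of the bug report or of Exim/GnuTLS. It parses two handshake bodies and lists the server extensions the client never offered. The sample bytes are constructed to mirror the extension lists in the capture; the TLS 1.2 version, the cipher suite and the presence of the renegotiation SCSV in the client's cipher list are assumptions.

```python
import struct

EXT = {0: "server_name", 5: "status_request", 10: "elliptic_curves",
       11: "ec_point_formats", 13: "signature_algorithms",
       35: "SessionTicket", 0xFF01: "renegotiation_info"}
SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)

def ext_types(buf, off):
    """Return the set of extension type codes in the block at buf[off:]."""
    if off + 2 > len(buf):
        return set()                      # the extensions block is optional
    (total,) = struct.unpack_from("!H", buf, off)
    off, end = off + 2, min(off + 2 + total, len(buf))
    found = set()
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", buf, off)
        found.add(etype)
        off += 4 + elen
    return found

def parse_client_hello(body):
    off = 2 + 32                          # version, random
    off += 1 + body[off]                  # session_id
    (cs_len,) = struct.unpack_from("!H", body, off)
    suites = set(struct.unpack_from("!%dH" % (cs_len // 2), body, off + 2))
    off += 2 + cs_len
    off += 1 + body[off]                  # compression methods
    return suites, ext_types(body, off)

def parse_server_hello(body):
    off = 2 + 32                          # version, random
    off += 1 + body[off]                  # session_id
    return ext_types(body, off + 3)       # skip cipher suite + compression

def unsolicited(client_body, server_body):  # server extensions never offered
    suites, offered = parse_client_hello(client_body)
    if SCSV in suites:                    # SCSV permits renegotiation_info
        offered = offered | {0xFF01}
    extra = parse_server_hello(server_body) - offered
    return sorted(EXT.get(e, hex(e)) for e in extra)

# Constructed sample hellos (handshake bodies, empty extension data).
def ext_block(types):
    data = b"".join(struct.pack("!HH", t, 0) for t in types)
    return struct.pack("!H", len(data)) + data
HDR = b"\x03\x03" + bytes(32) + b"\x00"   # TLS 1.2, zero random, no session
CLIENT = HDR + struct.pack("!HHH", 4, 0xC02F, SCSV) + b"\x01\x00" + ext_block([0, 35, 13, 11, 10])
SERVER = HDR + b"\xC0\x2F\x00" + ext_block([5, 0xFF01, 11])
print(unsolicited(CLIENT, SERVER))
```

The check covers only the hello extensions; the certificate status handshake message seen in the capture is a separate message and is not parsed here.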