(3) I'm seeing:
"(gnutls_handshake): A TLS packet with unexpected length was received"
Why?
-(4) What's the deal with MD5?
+(4) What's the deal with MD5? (And SHA-1?)
(5) What happened to gnutls_require_kx / gnutls_require_mac /
gnutls_require_protocols?
(6) What's the deal with tls_dh_max_bits? What's DH?
-(4): What's the deal with MD5?
-------------------------------
+(4): What's the deal with MD5? (And SHA-1?)
+--------------------------------------------
MD5 is a hash algorithm. Hash algorithms are used to reduce a lot of data
down to a fairly short value, which is supposed to be extremely hard to
revocation protocols. This is just another of those ongoing costs you have
already paid for.
+The same has happened to SHA-1: there are real-world collision attacks against
+SHA-1, so SHA-1 is mostly defunct in certificates. GnuTLS no longer supports
+its use in TLS certificates.
+
(5): ... gnutls_require_kx / gnutls_require_mac / gnutls_require_protocols?
The current documentation, for the most recent release of GnuTLS, is available
online at:
- http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
+ http://www.gnutls.org/manual/html_node/Priority-Strings.html
Beware that if you are not using the most recent GnuTLS release then this
documentation will be wrong for you! You should find the "info" documentation