|
From: | Thomas Fitzsimmons |
Subject: | Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher |
Date: | Mon, 26 Mar 2012 18:13:28 -0400 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
Nikos Mavrogiannopoulos <address@hidden> writes: > On 03/24/2012 10:57 PM, Thomas Fitzsimmons wrote: > >> Hi, >> gnutls-cli --verbose --debug 10 --port 993 "<imap_hostname>" >> fails to handshake with my Exchange server, whereas >> openssl s_client -debug -port 993 -host "<imap_hostname>" >> succeeds. OpenSSL reports that the server is using the DES-CBC3-SHA >> cipher. >> For background on this issue see: >> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10904#14 > > > Hello, > The comment below in the thread is very interesting. Could you send me > a capture of a failed handshake? > >> gnutls.c: [1] Received unexpected handshake message 'CERTIFICATE' >> (11). Expected 'SERVER HELLO' (2) Yes, attached the redacted output of: ./gnutls-cli --debug 10 --verbose --port 993 <imap_hostname> from gnutls HEAD. > Do priority strings like the ones below help? > http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html Also attached the redacted output after adding: 1. --priority "NORMAL:%COMPAT" 2. --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" 3. --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT" The third priority setting works by using ARCFOUR-128. Thomas
default-options.txt
Description: Text document
priority-options-1.txt
Description: Text document
priority-options-2.txt
Description: Text document
priority-options-3.txt
Description: Text document
[Prev in Thread] | Current Thread | [Next in Thread] |