[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls suite b interoperability with a mocana server
|
From: |
James Newell |
|
Subject: |
Re: gnutls suite b interoperability with a mocana server |
|
Date: |
Thu, 26 Apr 2012 21:42:49 -0400 |
On Thu, Apr 26, 2012 at 5:17 PM, Nikos Mavrogiannopoulos
<address@hidden> wrote:
> On 04/26/2012 08:37 PM, James Newell wrote:
>
>> Hello,
>>
>> I'm attempting to use gntls client with a mocana ssl server. The
>> gnutls-cli fails indicating it could not negotiate a cipher suite,
>> despite the mocana sending back the cipher selected in the server
>> hello packet chosen from the client cipher list. I've provide both
>> debug output from the server and client below. Is it possible I
>> configured something incorrectly on the gnutls side? Any help is
>> appreciated.
>
>
> Interesting issue. The key is:
>
>> |<3>| HSK[0x14fc5f0]: Server's version: 3.0
>> |<3>| HSK[0x14fc5f0]: unsupported cipher suite C0.09
>
>
> Your server negotiates SSL 3.0 with an elliptic curve ciphersuite. Those
> are defined with TLS 1.0 or later. Is there an option to
> enable TLS 1.0 on your server?
I did not find an option to explicitly enable TLS 1.0 on the server,
but since I had the code I tracked it down to the server code setting
it's ssl minor version based on the announced minor version of the
client, therefore sending 3.0 back to the gnutls-cli client. I
modified this to return 1, and now the gnutls-cli connects correctly.
Should a server be sending it's SSL version based on the clients
version? I'm not well versed in the tls spec. I'll have to do some
reading. Thank you for you help.
Regards,
Jim
>
> regards,
> Nikos
>
>
> _______________________________________________
> Help-gnutls mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-gnutls