I'm having trouble getting gnutls-srv to not have a handshake error: zoot$ gnutls-serv --port 5309 -d 4
in another window: zoot$ gnutls-cli-dbg -p 5309 localhost Resolving 'localhost'... Connecting to '127.0.0.1:5309'... Checking for TLS 1.1 support... no Checking fallback from TLS 1.1 to... failed Checking for TLS 1.0 support... no Checking for SSL 3.0 support... no Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1 Back in window 1: |<4>| REC[1003acb8]: V2 packet received. Length: 140 |<4>| REC[1003acb8]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[1003acb8]: Received Packet[0] Handshake(22) with length: 140 |<4>| REC[1003acb8]: Decrypted Packet[0] Handshake(22) with length: 140 |<3>| HSK[1003acb8]: CLIENT HELLO(v2) was received [140 bytes] |<3>| HSK[1003acb8]: SSL 2.0 Hello: Client's version: 3.1 |<3>| HSK[1003acb8]: Parsing a version 2.0 client hello. |<2>| ASSERT: gnutls_handshake.c:2674 |<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5 |<2>| ASSERT: gnutls_handshake.c:2674 |<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1 |<2>| ASSERT: gnutls_handshake.c:2674 |<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5 |<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[1003acb8]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[1003acb8]: Removing ciphersuite: RSA_AES_128_CBC_SHA1 |<2>| ASSERT: gnutls_handshake.c:632 |<2>| ASSERT: gnutls_v2_compat.c:171 |<2>| ASSERT: gnutls_handshake.c:1952 |<2>| ASSERT: gnutls_handshake.c:2415 Error in handshake Error: Could not negotiate a supported cipher suite. |<4>| REC: Sending Alert[2|40] - Handshake failed etc. I've tried this with an x509 certificate and private key, but get similar results. I won't detail that attempt because I suspect I just need to call gnutls-serv differently. Right? _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
