Sebastian Hans <[EMAIL PROTECTED]> writes:

> Hi,
>
> I have problems starting gnutls-serv with support for the PSK key exchange.
> When I run the gnutls-cli-debug against the server the output shows that no
> protocol is supported.
>
> To start the gnutls-serv I use the following command
>
> gnutls-serv -d 10 -p 4433 --http --ciphers AES --protocols TLS1.1 --kx PSK
> --pskpasswd sha16.psk
>
> the output generated by gnutls-cli-debug is:
>
> C:\downloads\SSL-APIs\GnuTLS\bin>gnutls-cli-debug localhost -p 4433
> Resolving 'localhost'...
> Connecting to '127.0.0.1:4433'...
> Checking for TLS 1.1 support... no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.0 support... no
> Checking for SSL 3.0 support... no
>
> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1

Yeah, gnutls-cli-debug doesn't try with that many cipher suites, so it
will fail to negotiate anything if the server only supports strange
ciphers.  This isn't Windows-specific.

I think we could make gnutls-serv always support ANON_DH by using
static DH parameters, unless the user provided real parameters.  But
if a server only supports, say, PSK, gnutls-cli-debug will not be able
to connect unless it knows the PSK details.

> I tried a lot of variations but nothing worked.

Try to use gnutls-cli directly instead:

$ ./gnutls-cli localhost -p 4433 --pskusername jas --pskkey db2d5ef736e7e03a167f25dd2023d19a
Resolving 'localhost'...
Connecting to '127.0.0.1:4433'...
- Version: TLS 1.1
- Key Exchange: PSK
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:

...

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
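
An added example, not part of the original thread or of GnuTLS: a lint for the file passed to --pskpasswd, which holds one username:hexkey entry per line, so that a malformed entry can be ruled out before debugging the handshake itself. The function name check_psk_file and the 128-bit minimum key length are assumptions made here, and the sample entries are constructed.

```shell
#!/bin/sh
# check_psk_file FILE: lint a GnuTLS PSK password file (hypothetical helper).
# Assumed format: one "username:hexkey" entry per line, as psktool writes it.
# Prints one finding per problem and returns 1 if any were found.
# Key values are never echoed, only line numbers and usernames.
check_psk_file() {
    awk -F: -v min_hex=32 '
        /^[ \t]*$/ { next }                       # skip blank lines
        NF != 2 || $1 == "" {
            printf "line %d: expected username:hexkey\n", NR; bad = 1; next
        }
        $2 !~ /^[0-9A-Fa-f]+$/ {
            printf "line %d (%s): key is not hex\n", NR, $1; bad = 1; next
        }
        (length($2) % 2) {
            printf "line %d (%s): odd number of hex digits\n", NR, $1; bad = 1; next
        }
        length($2) < min_hex {                    # assumed minimum: 128 bits
            printf "line %d (%s): key shorter than %d bits\n", NR, $1, min_hex * 4
            bad = 1
        }
        seen[$1]++ {                              # true from the second use on
            printf "line %d (%s): duplicate username\n", NR, $1; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample entries (not real credentials).
demo=$(mktemp)
printf '%s\n' \
    'alice:00112233445566778899aabbccddeeff' \
    'bob:0011223344' \
    'carol:not-a-hex-key' \
    'alice:ffeeddccbbaa99887766554433221100' > "$demo"
check_psk_file "$demo" || echo "PSK file needs fixing"
rm -f "$demo"
```

A clean file only rules out one cause; the client still has to offer PSK with a matching username and key, as the gnutls-cli command above does.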
