David Given <[EMAIL PROTECTED]> writes:

> I'm trying to use GNUTLS to implement TLS functionality on an SMTP daemon I've
> got. It's nearly working really well; the example in 7.4.5 was really useful.
>
> I've implemented the code in the server to do the TLS handshake, and
> everything works fine when I connect to it with gnutls-cli. Unfortunately,
> when I try it with real data, using Thunderbird, it doesn't work. Handshake
> fails with "Could not negotiate a supported cipher suite."
>
> Thunderbird appears to be using OpenSSL. GNUTLS *does* work with OpenSSL,
> right? If so, can anyone offer any suggestions as to what might be going on,
> and how to fix it?
>
> This is with GNUTLS 1.4.0-3ubuntu1 on Ubuntu Edgy Eft and Thunderbird 1.5.0.9.

That error happens if the server doesn't offer a ciphersuite that the
client can accept.  Often this is caused by missing X.509 CA and/or
server certificate.  Check with 'gnutls-cli' what key exchange is
negotiated.  If it is ANON, most clients will refuse to talk to you.

Btw, example 7.4.5 is for anonymous authentication; try 7.4.1 instead.
It is easy to change things, just add an X.509 credential and assign it
to the session.

/Simon


_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
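
The failure described in this thread, as an added example that is not part of the original messages and is not GnuTLS's own selection code: a simplified model in which the server can only pick a suite whose key exchange matches a credential it has set. The names `negotiate`, `pick`, `CRED_ANON`, `CRED_X509_RSA` and both client offers are hypothetical and constructed; the suite IDs are the IANA-registered values, and the model assumes client preference order.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Credential kinds a server session may have assigned (model flags, not GnuTLS types). */
enum { CRED_ANON = 1, CRED_X509_RSA = 2 };

struct suite { uint16_t id; int needs; const char *name; };

/* IANA cipher suite IDs; 'needs' is the credential the key exchange requires. */
static const struct suite SUITES[] = {
    { 0x0005, CRED_X509_RSA, "TLS_RSA_WITH_RC4_128_SHA" },
    { 0x000A, CRED_X509_RSA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
    { 0x002F, CRED_X509_RSA, "TLS_RSA_WITH_AES_128_CBC_SHA" },
    { 0x001B, CRED_ANON,     "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
    { 0x0034, CRED_ANON,     "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
};

/* First client-offered suite the server holds a credential for, or NULL. */
const struct suite *negotiate(const uint16_t *offer, size_t n, int server_creds)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < sizeof SUITES / sizeof SUITES[0]; j++)
            if (SUITES[j].id == offer[i] && (SUITES[j].needs & server_creds))
                return &SUITES[j];
    return NULL; /* the "could not negotiate a supported cipher suite" case */
}

/* Convenience wrapper: selected suite ID, or 0 when negotiation fails. */
uint16_t pick(const uint16_t *offer, size_t n, int server_creds)
{
    const struct suite *s = negotiate(offer, n, server_creds);
    return s ? s->id : 0;
}

/* Constructed offers: a mail client that refuses anonymous suites,
 * and a test client that has anonymous key exchange enabled. */
static const uint16_t MAIL_CLIENT[] = { 0x002F, 0x0005, 0x000A };
static const uint16_t ANON_CLIENT[] = { 0x0034, 0x001B, 0x002F };

int main(void)
{
    printf("anon-only server, mail client: 0x%04X\n", pick(MAIL_CLIENT, 3, CRED_ANON));
    printf("anon-only server, anon client: 0x%04X\n", pick(ANON_CLIENT, 3, CRED_ANON));
    printf("x509 server,      mail client: 0x%04X\n", pick(MAIL_CLIENT, 3, CRED_X509_RSA));
    return 0;
}
```

A server with only the anonymous credential succeeds against the test client and fails against the mail client; once the X.509 credential is also set, the mail client's first RSA suite is selected.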
