Michael Meyer <[email protected]> writes: > *** Simon Josefsson <[email protected]> wrote: >> Michael Meyer <[email protected]> writes: > >> >> Michael can you try that? Also try %SSL3_RECORD_VERSION. >> > >> > gnutls-cli -p 5556 GFDGFDGSFD --priority >> > "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT" >> > >> > That's it. It works. http://pastebin.com/m357f13b2 >> >> Do you need all of them? > > Yes. > >> Try removing each of them until it breaks, and >> until you have tried removing all items. > > I did. ;) If even one option is away, it no longer works.
Wow. Then it is the most broken TLS server I've heard of so far. I wonder what TLS stack that is... >> > Any hints how to make this work also with C-code? :) One of our >> > C-Developers ask me that. We are looking for the best way to >> > *always* get a connection in C? Even if there is something >> > "strange" on the remote side. >> >> Call something like this: >> >> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL); >> >> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct >> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init > > Ok. I'll pass the information to our C-developers. It seems that we > need some deeper knowledge about GnuTLS in our project (http://openvas.org). > Anybody interested to help? ;) I'll certainly try to help by answering questions. Anything in particular you need help with? /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
