On 05/23/2011 07:00 PM, Dash Shendy wrote: > Here's my Virtual host setup:
> GnuTLSPriorities > NONE:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+COMP-NULL:+SHA1:+MD5:+RSA:+DHE-RSA:+CAMELLIA-128-CBC:+ARCFOUR-128:+AES-128-CBC:+3DES-CBC If you exchange that string for "NORMAL" does it make any difference? (or adding %COMPAT?) > As far as I understand the error message "no compression overlap" is > similar to "no cypher overlap". That is, there's no common > encryption/compression algorithm. TLS can negotiate apart from cipher a compression algorithm. In your case your priority string specifies the COMP-NULL thus there is an option both parties can negotiate (no compression). I don't know why your browser fails. I connected with firefox 3.6 to the site you mentioned and had no issues. Which browser did you try? Could it be buggy? Did you try others? What could help debugging that would be a capture of the handshake with wireshark. > P.S. I heard you mention that you are quite busy with GnuTLS > development and can not afford the time to maintain mod_gnutls, and > unless you find someone to maintain it, this module is unmaintained. > I would love to get involved and contribute, please let me know what > I can do to help (I do know how to code in C but I do not believe I > have the Mathematical background required, and do not want to > introduce bugs or weaken the security as it happened with Debian's > implementation of OpenSSL a while back, but please do let me know if > I can get involved somehow). mod_gnutls doesn't really require a mathematical background, just basic knowledge of cryptography. It is the internals of apache it requires that I had no time into digging into. If you are interested the open issues (some of them have patches to be reviewed) are at: http://issues.outoforder.cc/view_all_bug_page.php and some fixes are sent to the mailing list at: http://lists.outoforder.cc/pipermail/modules/ (last two or three months). It would be nice if you or someone could test them and include them to the main branch. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
