Nicolas Leclercq wrote...

> Clients can connect to both nodes with SSL enabled (tested with irssi or
> znc), but the 2 servers does not want to talk together :  SSL error: Could
> not negotiate a supported cipher suite. [gnutls_handshake]
> Packages version :
> libgnutls26                          2.12.23-1ubuntu1.1

This is a bug in gnutls, I recently ran into that one, too:

There's a Debian bug report about it: <>,
No such thing in Ubuntu AFAICS, or Launchpad hates me.

Unfortunately, the gnutls sources aren't very friendly for some
bisecting to identify the fix and backport it if possible. So, you'll
have to work around it.

Your options (read: Pick just one):

* Configure CipherList manually, either by lowering (potential
  security breach) to "NORMAL" or even "EXPORT", or increasing to
  SECURE256. I'd try the latter first unless some clients cannot deal
  with it: This setting affects both client connect and server

* Re-compile ngircd with OpenSSL linkage.

* Re-compile and patch the s2s connecting code to use a different
  cipher selection. Um, yes, that works. Not a very nice idea, though.

> [Server]
>     PeerPassword = toto
>     MyPassword = tata

Not the real passwords, I hope ...



ngIRCd Mailing List:

Reply via email to