Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
Félix Sipma felix+deb...@gueux.org writes:

> I do not see this bug anymore (no need to set
> priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224
> in /etc/mandos/mandos.conf).
>
> So, this bug may be closed, at least on sid... But it would be nice to
> understand why it works now :-)

The source of these problems is entirely GnuTLS - it seems it has issues connecting with SECURE256, especially using OpenPGP keys, and *particularly* when that key is a DSA key with an Elgamal subkey. As I recall, the few times I have had a bit of time to test it I've only gotten confusing results. I will have to do some more tests in my copious spare time.

/Teddy Hogeborn

--
The Mandos Project
http://www.recompile.se/mandos
Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
I do not see this bug anymore (no need to set

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224

in /etc/mandos/mandos.conf).

So, this bug may be closed, at least on sid... But it would be nice to understand why it works now :-)
Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
Uncommenting the priority setting in mandos.conf and appending :+SIGN-RSA-SHA224 makes it work; i.e. this line should be present in /etc/mandos.conf:

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224

I wish I knew why this works - I arrived at this by trial and error. I'm suspecting a GnuTLS regression with SECURE256 and CTYPE-OPENPGP.

Note: The clients need no changes.

/Teddy Hogeborn

--
The Mandos Project
http://www.recompile.se/mandos
Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
Teddy Hogeborn te...@recompile.se writes:

> Uncommenting the priority setting in mandos.conf and appending
> :+SIGN-RSA-SHA224 makes it work; i.e. this line should be present in
> /etc/mandos.conf:
>
> priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224

I meant, of course, /etc/mandos/mandos.conf.

/Teddy Hogeborn

--
The Mandos Project
http://www.recompile.se/mandos
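A check for the setting discussed in the messages above, added here as an example (it is not code from the Mandos project or from anyone in this thread): it reads an ini-style mandos.conf and reports whether the priority line is active and carries +SIGN-RSA-SHA224. The sample file contents, the [DEFAULT] section layout and the function names are assumptions made for the example.

```python
import configparser

# Constructed samples of /etc/mandos/mandos.conf (not copied from the package).
# Assumption: the untouched file carries the priority line commented out.
COMMENTED_OUT = "[DEFAULT]\n;priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP\n"
WORKAROUND = ("[DEFAULT]\n"
              "priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224\n")


def parse_priority(priority):
    """Split a GnuTLS priority string into (base keyword, added, removed)."""
    base, added, removed = None, [], []
    for token in filter(None, priority.strip().split(":")):
        if token[0] == "+":
            added.append(token[1:])
        elif token[0] in "!-":          # both prefixes remove an item
            removed.append(token[1:])
        elif token[0] != "%" and base is None:
            base = token                # e.g. SECURE256; %OPTIONS are skipped
    return base, added, removed


def check_mandos_conf(text):
    """Report whether the priority setting from the thread is in effect."""
    # Only "=" is a delimiter, so the ":" inside the value is left alone.
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    priority = cfg.defaults().get("priority")
    if priority is None:                # missing or still commented out
        return {"priority_set": False, "workaround": False}
    base, added, removed = parse_priority(priority)
    return {
        "priority_set": True,
        "base": base,
        "openpgp_only": "CTYPE-OPENPGP" in added and "CTYPE-X.509" in removed,
        "workaround": "SIGN-RSA-SHA224" in added,
    }


if __name__ == "__main__":
    for name, sample in (("commented out", COMMENTED_OUT),
                         ("workaround", WORKAROUND)):
        print(name, check_mandos_conf(sample))
```
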
Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
Package: mandos
Version: 1.5.5-1
Followup-For: Bug #702120

The same problem appeared here after upgrading from squeeze to wheezy... It should have been an RC bug :-(.

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: i386 (i586)

Kernel: Linux 2.6.32-5-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mandos depends on:
ii  adduser                      3.113+nmu3
ii  avahi-daemon                 0.6.27-2+squeeze1
ii  python                       2.7.3-4
ii  python-argparse              1.2.1-2
ii  python-avahi                 0.6.31-2
ii  python-dbus                  1.1.1-1
ii  python-gnupginterface        0.3.2-9.1
ii  python-gnutls                1.2.4-1
ii  python-gobject               3.2.2-2
ii  python-urwid                 1.0.1-2
ii  python2.7 [python-argparse]  2.7.3-6

Versions of packages mandos recommends:
ii  fping  3.2-1

mandos suggests no packages.

-- Configuration Files:
/etc/mandos/clients.conf [Errno 13] Permission denied: u'/etc/mandos/clients.conf'

-- no debconf information

--
Félix
Bug#702120: mandos: Mandos/gnutls fails to establish connection, an algorithm that is not enabled was negotiated
Package: mandos
Version: 1.6.0-1
Severity: grave
Justification: renders package unusable

Installing mandos (from unstable or wheezy) leads to a failing connection.

Setup: 2 new wheezy installs in a VM each on the same subnet. 1 VM client, 1 VM server.

Connection is established properly, but SSL negotiations fail. This appears to be related to the GnuTLS package version, but as it's been tested on both wheezy and unstable (mandos, gnutls, each) without success, I'm left with filing a bug.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mandos depends on:
ii  adduser                      3.113+nmu3
ii  avahi-daemon                 0.6.31-1
ii  python                       2.7.3-4
ii  python-avahi                 0.6.31-1
ii  python-dbus                  1.1.1-1
ii  python-gnupginterface        0.3.2-9.1
ii  python-gnutls                1.2.4-1
ii  python-gobject               3.2.2-1
ii  python-urwid                 1.0.1-2
ii  python2.7 [python-argparse]  2.7.3-6

Versions of packages mandos recommends:
ii  fping  3.2-1

mandos suggests no packages.

-- Configuration Files:
/etc/mandos/clients.conf changed [not included]

-- no debconf information