Re: tmda-ofmipd: V2: Internal support for SSL via tlslite package

Thu, 01 Mar 2007 21:43:27 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason R. Mastaler wrote:
> "Jason R. Mastaler" <[EMAIL PROTECTED]> writes:
> 
>> I tried testing on Linux as well, and my results were even worse
>> actually.  For Thunderbird, same results as on my Mac - Python 2.4
>> works for both TLS and SSL, and Python 2.5 works for neither.
>>
>> Then I tried Evolution, and couldn't get TLS or SSL to work, with either
>> version of Python. But the error tmda-ofmipd gave was different:

I've tracked this down. SSL can support a huge variety of different
ciphers etc. tlslite supports some subset of these, as does Evolution.
Unfortunately, the sets that tlslite and Evolution support don't intersect.

This piece of code in TLSConnection.py::_handshakeWrapperAsync:

#Calculate the first cipher suite intersection.
#This is the 'privileged' ciphersuite.  We'll use it if we're
#doing a shared-key resumption or a new negotiation.  In fact,
#the only time we won't use it is if we're resuming a non-sharedkey
#session, in which case we use the ciphersuite from the session.
#
#Given the current ciphersuite ordering, this means we prefer SRP
#over non-SRP.
print "handshake: cipherSuites=", repr(cipherSuites)
print "handshake: clientHello.cipher_suites=", \
                repr(clientHello.cipher_suites)
for cipherSuite in cipherSuites:
    if cipherSuite in clientHello.cipher_suites:
        break
else:
    for result in self._sendError(\
            AlertDescription.handshake_failure):
        yield result

prints this:

handshake: cipherSuites= [53, 47, 5]
handshake: clientHello.cipher_suites= [65664, 196736, 458944, 393280,
131200, 262272, 4, 65279, 10, 65278, 9, 100, 98, 3, 6]

:-(

Given that tlslite doesn't know any of the cipher suites that Evolution
offset, I don't even know what Evolution is offering... I guess the SSL
spec. would probably tell me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF57lfhk3bo0lNTrURAlQHAKC81j05iXe34zqKGc+qWXAWnr4opwCg1q70
5pY/qFHcfqajRzpoh+cZ3aQ=
=9qgN
-----END PGP SIGNATURE-----
_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers

Reply via email to