[sr #107532] gnutls-cli-debug [incorrecttly] reports SRP support for Windows Server 2003/IIS 6.0
Steffen Jaeckel
steffen.jaeckel at stzedn.de
Mon Nov 22 09:58:57 CET 2010
The gnutls-cli-debug should be revised in my opinion.
e.g. in testcase "Checking for version rollback bug in RSA PMS..." are also DHE
cipher suites set and if the server prefers them, the testcase will fail even if
the server hasn't that bug.
btw. that's why I wanted to build gnutls on my windows machine, to revise the
gnutls-cli-debug, but since it doesn't work for me... :/
-----Original Message-----
From: Jeffrey Walton [mailto:INVALID.NOREPLY at gnu.org]
Sent: Montag, 22. November 2010 09:07:28
To: noloader at gmail.com
Subject: [sr #107532] gnutls-cli-debug [incorrecttly] reports SRP support for Windows Server 2003/IIS 6.0
> URL:
> <http://savannah.gnu.org/support/?107532>
> Summary: gnutls-cli-debug [incorrecttly] reports SRP support
> for Windows Server 2003/IIS 6.0
> Project: GnuTLS
> Submitted by: noloader
> Submitted on: Mon 22 Nov 2010 08:07:27 AM GMT
> Category: None
> Priority: 5 - Normal
> Severity: 3 - Normal
> Status: None
> Privacy: Public
> Assigned to: None
> Originator Email:
> Open/Closed: Open
> Discussion Lock: Any
> Operating System: None
> _______________________________________________________
> Details:
> I believe "Checking for SRP authentication support (TLS extension)... yes' is
> incorrect. The actual target of the probe was redacted below.
> $ gnutls-cli-debug -p 443 www.example.com
> Resolving 'www.example.com'...
> Connecting to 'www.xxx.yyy.zzz:443'...
> Checking for TLS 1.1 support... no
> Checking fallback from TLS 1.1 to... TLS 1.0
> Checking for TLS 1.0 support... yes
> Checking for SSL 3.0 support... yes
> Checking for HTTPS server name... not checked
> Checking for version rollback bug in RSA PMS... no
> Checking for version rollback bug in Client Hello... no
> Checking whether we need to disable TLS 1.0... N/A
> Checking whether the server ignores the RSA PMS version... yes
> Checking whether the server can accept Hello Extensions... yes
> Checking whether the server can accept cipher suites not in SSL 3.0 spec...
> yes
> Checking whether the server can accept a bogus TLS record version in the
> client hello... yes
> Checking for certificate information... N/A
> Checking for trusted CAs... N/A
> Checking whether the server understands TLS closure alerts... no
> Checking whether the server supports session resumption... yes
> Checking for export-grade ciphersuite support... yes
> Checking RSA-export ciphersuite info... N/A
> Checking for anonymous authentication support... no
> Checking anonymous Diffie-Hellman group info... N/A
> Checking for ephemeral Diffie-Hellman support... no
> Checking ephemeral Diffie-Hellman group info... N/A
> Checking for AES cipher support (TLS extension)... no
> Checking for CAMELLIA cipher support (TLS extension)... no
> Checking for 3DES cipher support... yes
> Checking for ARCFOUR 128 cipher support... yes
> Checking for ARCFOUR 40 cipher support... yes
> Checking for MD5 MAC support... yes
> Checking for SHA1 MAC support... yes
> Checking for LZO compression support (GnuTLS extension)... no
> Checking for max record size (TLS extension)... no
> Checking for SRP authentication support (TLS extension)... yes
> Checking for OpenPGP authentication support (TLS extension)... no
> _______________________________________________________
> Reply to this item at:
> <http://savannah.gnu.org/support/?107532>
> _______________________________________________
> Message sent via/by Savannah
> http://savannah.gnu.org/
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at gnu.org
> http://lists.gnu.org/mailman/listinfo/gnutls-devel
More information about the Gnutls-devel
mailing list