gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher

Nikos Mavrogiannopoulos nmav at
Sun Mar 25 10:56:37 CEST 2012

On 03/24/2012 10:57 PM, Thomas Fitzsimmons wrote:

> Hi,
> gnutls-cli --verbose --debug 10 --port 993 "<imap_hostname>"
> fails to handshake with my Exchange server, whereas
> openssl s_client -debug -port 993 -host "<imap_hostname>"
> succeeds.  OpenSSL reports that the server is using the DES-CBC3-SHA
> cipher.
> For background on this issue see:

 The comment below in the thread is very interesting. Could you send me
a capture of a failed handshake?

> gnutls.c: [1] Received unexpected handshake message 'CERTIFICATE'
> (11). Expected 'SERVER HELLO' (2)

Do priority strings like the ones below help?


More information about the Gnutls-devel mailing list