gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Mar 25 10:56:37 CEST 2012


On 03/24/2012 10:57 PM, Thomas Fitzsimmons wrote:

> Hi,
> gnutls-cli --verbose --debug 10 --port 993 "<imap_hostname>"
> fails to handshake with my Exchange server, whereas
> openssl s_client -debug -port 993 -host "<imap_hostname>"
> succeeds.  OpenSSL reports that the server is using the DES-CBC3-SHA
> cipher.
> For background on this issue see:
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10904#14


Hello,
 The comment below in the thread is very interesting. Could you send me
a capture of a failed handshake?

> gnutls.c: [1] Received unexpected handshake message 'CERTIFICATE'
> (11). Expected 'SERVER HELLO' (2)

Do priority strings like the ones below help?
http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html

regards,
Nikos




More information about the Gnutls-devel mailing list