gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher

Thomas Fitzsimmons fitzsim at fitzsim.org
Tue Mar 27 00:13:28 CEST 2012


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On 03/24/2012 10:57 PM, Thomas Fitzsimmons wrote:
>
>> Hi,
>> gnutls-cli --verbose --debug 10 --port 993 "<imap_hostname>"
>> fails to handshake with my Exchange server, whereas
>> openssl s_client -debug -port 993 -host "<imap_hostname>"
>> succeeds.  OpenSSL reports that the server is using the DES-CBC3-SHA
>> cipher.
>> For background on this issue see:
>> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10904#14
>
>
> Hello,
>  The comment below in the thread is very interesting. Could you send me
> a capture of a failed handshake?
>
>> gnutls.c: [1] Received unexpected handshake message 'CERTIFICATE'
>> (11). Expected 'SERVER HELLO' (2)

Yes, attached the redacted output of:

./gnutls-cli --debug 10 --verbose --port 993 <imap_hostname>

from gnutls HEAD.

> Do priority strings like the ones below help?
> http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html

Also attached the redacted output after adding:

1. --priority "NORMAL:%COMPAT"
2. --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT"
3. --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT"

The third priority setting works by using ARCFOUR-128.

Thomas
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: default-options.txt
URL: </pipermail/attachments/20120326/76f8c1fd/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: priority-options-1.txt
URL: </pipermail/attachments/20120326/76f8c1fd/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: priority-options-2.txt
URL: </pipermail/attachments/20120326/76f8c1fd/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: priority-options-3.txt
URL: </pipermail/attachments/20120326/76f8c1fd/attachment-0003.txt>
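
The fallback sequence reported in the message above, as an added example that is not part of the original post or of GnuTLS: a shell function that tries the three quoted priority strings in order and prints the first one that completes a handshake. The function names `probe` and `first_working_priority` and the default port are assumptions made for this illustration.

```shell
#!/bin/sh
# Priority strings quoted in the message above, least restrictive first.
# The third one disables every cipher except ARCFOUR-128 (RC4).
PRIORITIES='NORMAL:%COMPAT
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT'

# probe HOST PORT PRIORITY: succeed if gnutls-cli completes the handshake.
# stdin is /dev/null so the client exits as soon as the session is up.
probe() {
    gnutls-cli --port "$2" --priority "$3" "$1" </dev/null >/dev/null 2>&1
}

# first_working_priority HOST PORT: print the first priority string that
# handshakes with the server; return 1 if none of them does.
first_working_priority() {
    host=$1
    port=$2
    while IFS= read -r prio; do
        if probe "$host" "$port" "$prio"; then
            printf '%s\n' "$prio"
            return 0
        fi
    done <<EOF
$PRIORITIES
EOF
    return 1
}

# Stand-alone use: sh script.sh <imap_hostname> [port]
if [ "$#" -ge 1 ]; then
    first_working_priority "$1" "${2:-993}" ||
        echo "no listed priority string completed a handshake" >&2
fi
```

A result that names the third string means the session only came up with the cipher list cut down to ARCFOUR-128, which is the outcome described in the message.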

