gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher
tzz at lifelogs.com
Fri Mar 30 14:02:27 CEST 2012
On Thu, 29 Mar 2012 20:22:31 -0400 Thomas Fitzsimmons <fitzsim at fitzsim.org> wrote:
TF> Emacs allows overriding the default GnuTLS priority string using a
TF> variable (gnutls-algorithm-priority) so I set it to "performance" to
TF> work around this server-side issue. In cases where Emacs would
TF> otherwise fail to connect to a server because of a weak ciphersuite
TF> maybe the UI should warn the user and ask them whether or not to
TF> proceed. Anyway, thanks for analyzing the logs.
I don't think currently Emacs can distinguish this case from a normal
negotiation failure. The best we can do is to generally suggest a
weaker priority string, which seems to be a bad idea. Is there a way to
determine that this case has occurred?
More information about the Gnutls-devel