[gnutls-devel] mcabber GnuTLS related problem
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Aug 29 20:47:27 CEST 2013
On Thu, Aug 29, 2013 at 9:06 PM, Niels Ole Salscheider <
niels_ole at salscheider-online.de> wrote:
> Hello,
>
> I have a similar problem with telepathy-gabble / wocky. For me, it fails
> with
> "TLS Negotiated: -12: GNUTLS_E_FATAL_ALERT_RECEIVED" when I try to connect
> to
> swissjabber.de.
>
> This is with the default priority strings:
> "NONE:+VERS-TLS-ALL:+SIGN-ALL:+MAC-ALL:+CTYPE-ALL:+RSA:+COMP-DEFLATE:+COMP-
> NULL:+ARCFOUR-128:+ARCFOUR-40:+AES-128-CBC:+AES-256-CBC:+3DES-CBC:+DES-CBC:
> +RC2-40:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC"
>
That is a pretty dangerous priority string. While modern versions of gnutls
would not negotiate DES, RC4-40 or RC2, having them in the priority string
reveals something fishy.
> and
> "NORMAL:-COMP-NULL:+COMP-DEFLATE:+COMP-NULL"
> (depending on whether you want to prefer stream chiphers or not).
>
The only difference of the priority string above with NORMAL is that it
prioritizes compression. It may be that there is some issue with
negotiating compression with this server (do you have any information on
the server?). In general there is no reason to use compression with TLS. It
can only cause harm (including reveal of plaintext).
regards,
Nikos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130829/f3d82fc0/attachment-0002.html>
More information about the Gnutls-devel
mailing list