[gnutls-devel] mcabber GnuTLS related problem
Niels Ole Salscheider
niels_ole at salscheider-online.de
Thu Aug 29 21:33:12 CEST 2013
Hello,
> > I have a similar problem with telepathy-gabble / wocky. For me, it fails
> > with "TLS Negotiated: -12: GNUTLS_E_FATAL_ALERT_RECEIVED" when I try to
> > connect to swissjabber.de.
> >
> > This is with the default priority strings:
> > "NONE:+VERS-TLS-ALL:+SIGN-ALL:+MAC-ALL:+CTYPE-ALL:+RSA:+COMP-DEFLATE:+COMP-NULL:+ARCFOUR-128:+ARCFOUR-40:+AES-128-CBC:+AES-256-CBC:+3DES-CBC:+DES-CBC:+RC2-40:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC"
>
> That is a pretty dangerous priority string. While modern versions of gnutls
> would not negotiate DES, RC4-40 or RC2, having them in the priority string
> reveals something fishy.
I have CC-ed the telepathy mailing list; maybe they want to update the
priority string...
> > and
> > "NORMAL:-COMP-NULL:+COMP-DEFLATE:+COMP-NULL"
> > (depending on whether you want to prefer stream ciphers or not).
>
> The only difference of the priority string above with NORMAL is that it
> prioritizes compression. It may be that there is some issue with
> negotiating compression with this server (do you have any information on
> the server?). In general there is no reason to use compression with TLS. It
> can only cause harm (including reveal of plaintext).
This seems to be the problem. Leaving out "+COMP-DEFLATE" in the first string
works, too.
Unfortunately, I have no information about the server, except for what is
available on the homepage and:
<query xmlns="jabber:iq:version">
<name>ejabberd</name>
<version>2.1.5</version>
<os>unix/linux 2.6.32</os>
</query>
Regards,
Ole
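
Added example (not part of the original message, and not wocky or GnuTLS code): a small Python check that walks the explicit tokens of a priority string and reports the ones this thread objects to. The function names and the FLAGGED table are assumptions made for illustration; what a keyword such as NORMAL enables is not modelled.

```python
# Added example: audit the explicit tokens of a GnuTLS priority string.
# Keyword expansion (what NORMAL enables) depends on the GnuTLS version and
# is not modelled; only tokens written in the string itself are tracked.

# The two priority strings quoted in the thread.
THREAD_DEFAULT = (
    "NONE:+VERS-TLS-ALL:+SIGN-ALL:+MAC-ALL:+CTYPE-ALL:+RSA:+COMP-DEFLATE:"
    "+COMP-NULL:+ARCFOUR-128:+ARCFOUR-40:+AES-128-CBC:+AES-256-CBC:+3DES-CBC:"
    "+DES-CBC:+RC2-40:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC"
)
THREAD_ALT = "NORMAL:-COMP-NULL:+COMP-DEFLATE:+COMP-NULL"

# Assumption: flag only the tokens the quoted reply objects to.
FLAGGED = {
    "DES-CBC": "weak cipher (DES)",
    "ARCFOUR-40": "weak cipher (RC4-40)",
    "RC2-40": "weak cipher (RC2)",
    "COMP-DEFLATE": "TLS compression",
}

def explicit_tokens(priority):
    """Return (keyword, enabled): the leading keyword and the ordered list of
    algorithms left switched on by the '+', '-' and '!' tokens."""
    parts = [p.strip() for p in priority.split(":") if p.strip()]
    keyword, enabled = None, []
    for i, part in enumerate(parts):
        if part[0] == "+":                 # '+' adds an algorithm
            if part[1:] not in enabled:
                enabled.append(part[1:])
        elif part[0] in "-!":              # '-' and '!' remove an algorithm
            if part[1:] in enabled:
                enabled.remove(part[1:])
        elif part[0] == "%":               # special option, not an algorithm
            continue
        elif i == 0:                       # NONE, NORMAL, ...
            keyword = part
    return keyword, enabled

def audit(priority):
    """Return [(token, reason)] for flagged tokens that remain enabled."""
    _, enabled = explicit_tokens(priority)
    return [(t, FLAGGED[t]) for t in enabled if t in FLAGGED]

if __name__ == "__main__":
    for s in (THREAD_DEFAULT, THREAD_ALT):
        print(explicit_tokens(s)[0], audit(s))
```

Names are matched exactly, so "3DES-CBC" is not reported as "DES-CBC", and a token that is added and later removed in the same string is not reported.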