[gnutls-devel] test suite fails one test on 3.2.10. + odd behavoir of gnutls-cli

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Feb 3 19:56:34 CET 2014


On 02/03/2014 02:00 PM, Heldt, Daniel wrote:
> Hi there,
> today I built gnutls 3.2.10 on an ubuntu in a vm and one test failed
> (twice).
> I attached the testsuite.log and am willing to provide more information,
> if needed.

Have you applied additional patches to the distributed tarball or used
configure options to disable certain features? If not could you run the
test that fails manually using the -v switch?

> Further, I observed, that
> Gnutls-cli announces the cipher suites ECDHE_PSK_WITH_AES_256_CBC_SHA384
> and ECDHE_PSK_WITH_AES_128_CBC_SHA256 (if the priority string contains
> some +ECDHE_PSK),but if the server side chooses them, the handshake
> fails (I can post the network-traffic, if it is of interest) with the
> error message:
> *** Fatal error: Could not negotiate a supported cipher suite.
> *** Handshake has failed
> GnuTLS error: Could not negotiate a supported cipher suite.

Could it be that you have disabled TLS 1.2? These two ciphersuites are
(mistakenly) enabled only in TLS 1.2. I noticed that few hours after the
release and was fixed in the 8648c2da75e0db5f586627c70f2889a083462619
commit.

regards,
Nikos




More information about the Gnutls-devel mailing list