[Help-gnutls] getting gnutls-serv to work

Neale Pickett neale at lanl.gov
Thu Nov 9 01:36:43 CET 2006 

I'm having trouble getting gnutls-srv to not have a handshake error:

zoot$ gnutls-serv --port 5309 -d 4

in another window:
zoot$ gnutls-cli-dbg -p 5309 localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:5309'...
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... no

Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1

Back in window 1:
|<4>| REC[1003acb8]: V2 packet received. Length: 140
|<4>| REC[1003acb8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[1003acb8]: Received Packet[0] Handshake(22) with length: 140
|<4>| REC[1003acb8]: Decrypted Packet[0] Handshake(22) with length: 140
|<3>| HSK[1003acb8]: CLIENT HELLO(v2) was received [140 bytes]
|<3>| HSK[1003acb8]: SSL 2.0 Hello: Client's version: 3.1
|<3>| HSK[1003acb8]: Parsing a version 2.0 client hello.
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:632
|<2>| ASSERT: gnutls_v2_compat.c:171
|<2>| ASSERT: gnutls_handshake.c:1952
|<2>| ASSERT: gnutls_handshake.c:2415
Error in handshake
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed

etc.


I've tried this with an x509 certificate and private key, but get similar 
results.  I won't detail that attempt because I suspect I just need to call 
gnutls-serv differently.  Right?

More information about the Gnutls-help mailing list