[Help-gnutls] Re: SMTP TLS & Thunderbird
Simon Josefsson simon at josefsson.org
Wed Feb  7 07:35:40 CET 2007

David Given <dg at cowlark.com> writes:
> I'm trying to use GNUTLS to implement TLS functionality on an SMTP daemon I've
> got. It's nearly working really well; the example in 7.4.5 was really useful.
>
> I've implemented the code in the server to do the TLS handshake, and
> everything works fine when I connect to it with gnutls-cli. Unfortunately,
> when I try it with real data, using Thunderbird, it doesn't work. Handshake
> fails with "Could not negotiate a supported cipher suite."
>
> Thunderbird appears to be using OpenSSL. GNUTLS *does* work with OpenSSL,
> right? If so, can anyone offer any suggestions as to what might be going on,
> and how to fix it?
>
> This is with GNUTLS 1.4.0-3ubuntu1 on Ubuntu Edgy Eft and Thunderbird 1.5.0.9.

That error happens if the server doesn't offer a ciphersuite that the
client can accept.  Often this is caused by a missing X.509 CA and/or
server certificate.  Check with 'gnutls-cli' what key exchange is
negotiated.  If it is ANON, most clients will refuse to talk to you.

Btw, example 7.4.5 is for anonymous authentication; try 7.4.1 instead.
It is easy to change things: just add an X.509 credential and assign it
to the session.

/Simon
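
The failure described above, as a simplified model of server-side suite selection (an added example, not GnuTLS code and not part of the original message): a key exchange is usable only when the matching credential is attached to the session. The suite subset, the two client offers and the names `negotiate`, `CRED_ANON` and `CRED_X509_RSA` are constructed for illustration; the suite IDs are the IANA-registered values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key exchange families and the credential flags that enable them. */
enum kx { KX_ANON_DH, KX_RSA, KX_DHE_RSA };
enum { CRED_ANON = 1, CRED_X509_RSA = 2 };

struct suite { uint16_t id; enum kx kx; };

/* Constructed subset of suites, keyed by IANA suite ID. */
static const struct suite SUITES[] = {
    { 0x0034, KX_ANON_DH },  /* TLS_DH_anon_WITH_AES_128_CBC_SHA  */
    { 0x001B, KX_ANON_DH },  /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
    { 0x002F, KX_RSA },      /* TLS_RSA_WITH_AES_128_CBC_SHA      */
    { 0x000A, KX_RSA },      /* TLS_RSA_WITH_3DES_EDE_CBC_SHA     */
    { 0x0033, KX_DHE_RSA },  /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA  */
};
#define NSUITES (sizeof SUITES / sizeof SUITES[0])

/* Anonymous DH needs an anonymous credential; RSA and DHE_RSA need a
   server certificate and key (an X.509 credential). */
static int kx_usable(enum kx kx, unsigned creds)
{
    if (kx == KX_ANON_DH) return (creds & CRED_ANON) != 0;
    return (creds & CRED_X509_RSA) != 0;
}

/* Return the first client-offered suite the server can serve, or 0 when
   there is no overlap (the "could not negotiate" case in the thread). */
uint16_t negotiate(const uint16_t *offered, size_t n, unsigned creds)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < NSUITES; j++)
            if (SUITES[j].id == offered[i] && kx_usable(SUITES[j].kx, creds))
                return offered[i];
    return 0;
}

/* Constructed offers: an anonymous-only client and a certificate-only one. */
static const uint16_t ANON_CLIENT[] = { 0x0034, 0x001B };
static const uint16_t CERT_CLIENT[] = { 0x0033, 0x002F, 0x000A };

int main(void)
{
    printf("anon server, anon client: %04x\n", (unsigned)negotiate(ANON_CLIENT, 2, CRED_ANON));
    printf("anon server, cert client: %04x\n", (unsigned)negotiate(CERT_CLIENT, 3, CRED_ANON));
    printf("x509 server, cert client: %04x\n", (unsigned)negotiate(CERT_CLIENT, 3, CRED_X509_RSA));
    return 0;
}
```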
    
    