[Help-gnutls] Re: Problem starting gnutls-serv with PSK support
simon at josefsson.org
Thu Jan 11 15:14:04 CET 2007
Sebastian Hans <sebastian_hans at yahoo.com> writes:
> I have problems starting gnutls-serv with support for the PSK keyexchange. When I run the gnutls-cli-debug against the server the output shows that no protocol is supported.
> To start the gnutls-serv I use the following command
> gnutls-serv -d 10 -p 4433 --http --ciphers AES --protocols TLS1.1 --kx PSK --pskpasswd sha16.psk
> the output generated by gnutls-cli-debug is:
> C:\downloads\SSL-APIs\GnuTLS\bin>gnutls-cli-debug localhost -p 4433
> Resolving 'localhost'...
> Connecting to '127.0.0.1:4433'...
> Checking for TLS 1.1 support... no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.0 support... no
> Checking for SSL 3.0 support... no
> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
Yeah, gnutls-cli-debug doesn't try with that many cipher suites, so it
will fail to negotiate anything if the server only supports strange
ciphers. This isn't Windows-specific.
I think we could make gnutls-serv always support ANON_DH by using
static DH parameters, unless the user provided real parameters. But
if a server only supports, say, PSK, gnutls-cli-debug will not be able
to connect unless it knows the PSK details.
> I tried a lot of variations but nothing worked.
Try to use gnutls-cli directly instead:
$ ./gnutls-cli localhost -p 4433 --pskusername jas --pskkey db2d5ef736e7e03a167f25dd2023d19a
Connecting to '127.0.0.1:4433'...
- Version: TLS 1.1
- Key Exchange: PSK
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed
- Simple Client Mode:
More information about the Gnutls-help