Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...

Simon Josefsson simon at josefsson.org
Tue Feb 16 14:22:00 CET 2010


Michael Meyer <mime at gmx.de> writes:

> *** Simon Josefsson <simon at josefsson.org> wrote:
>> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>> > Michael Meyer wrote:
>
>> >>>> http://pastebin.com/f56a825f6
>> >>> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"
>> >
>> > He needs to add +ARCFOUR-40 and +RSA-EXPORT as well. They are not
>> > enabled by default.
>
> I've tried with +ARCFOUR-40 but never with +RSA-EXPORT.
>
>> Michael can you try that?  Also try %SSL3_RECORD_VERSION.
>
> gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
>
> That's it. It works. http://pastebin.com/m357f13b2

Do you need all of them?  Try removing each of them until it breaks, and
until you have tried removing all items.

> Any hints how to make this work also with C-code? :) One of our
> C-Developers ask me that. We are looking for the best way to
> *always* get a connection in C? Even if there is something
> "strange" on the remote side.

Call something like this:

rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);

http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init

/Simon





More information about the Gnutls-help mailing list