Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...

Michael Meyer mime at gmx.de
Tue Feb 16 15:34:03 CET 2010


*** Simon Josefsson <simon at josefsson.org> wrote:
> Michael Meyer <mime at gmx.de> writes:
 
> >> Michael can you try that?  Also try %SSL3_RECORD_VERSION.
> >
> > gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
> >
> > That's it. It works. http://pastebin.com/m357f13b2
> 
> Do you need all of them? 

Yes. 

> Try removing each of them until it breaks, and
> until you have tried removing all items.

I did. ;) If even one option is away, it no longer works.

> > Any hints how to make this work also with C-code? :) One of our
> > C-Developers ask me that. We are looking for the best way to
> > *always* get a connection in C? Even if there is something
> > "strange" on the remote side.
> 
> Call something like this:
> 
> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);
> 
> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init

Ok. I'll pass the information to our C-developers. It seems that we
need some deeper knowledge about GnuTLS in our project (http://openvas.org).
Anybody interested to help? ;)

Micha





More information about the Gnutls-help mailing list