Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...

Simon Josefsson simon at josefsson.org
Wed Feb 17 15:46:27 CET 2010


Michael Meyer <mime at gmx.de> writes:

> *** Simon Josefsson <simon at josefsson.org> wrote:
>> Michael Meyer <mime at gmx.de> writes:
>  
>> >> Michael can you try that?  Also try %SSL3_RECORD_VERSION.
>> >
>> > gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
>> >
>> > That's it. It works. http://pastebin.com/m357f13b2
>> 
>> Do you need all of them? 
>
> Yes. 
>
>> Try removing each of them until it breaks, and
>> until you have tried removing all items.
>
> I did. ;) If even one option is away, it no longer works.

Wow.  Then it is the most broken TLS server I've heard of so far.  I
wonder what TLS stack that is...

>> > Any hints how to make this work also with C-code? :) One of our
>> > C-Developers ask me that. We are looking for the best way to
>> > *always* get a connection in C? Even if there is something
>> > "strange" on the remote side.
>> 
>> Call something like this:
>> 
>> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);
>> 
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init
>
> Ok. I'll pass the information to our C-developers. It seems that we
> need some deeper knowledge about GnuTLS in our project (http://openvas.org).
> Anybody interested to help? ;)

I'll certainly try to help by answering questions.  Anything in
particular you need help with?

/Simon





More information about the Gnutls-help mailing list