gnutls suite b interoperability with a mocana server

James Newell jnewell at
Fri Apr 27 03:42:49 CEST 2012

On Thu, Apr 26, 2012 at 5:17 PM, Nikos Mavrogiannopoulos
<nmav at> wrote:
> On 04/26/2012 08:37 PM, James Newell wrote:
>> Hello,
>> I'm attempting to use gntls client with a mocana ssl server.  The
>> gnutls-cli fails indicating it could not negotiate a cipher suite,
>> despite the mocana sending back the cipher selected in the server
>> hello packet chosen from the client cipher list.  I've provide both
>> debug output from the server and client below.  Is it possible I
>> configured something incorrectly on the gnutls side?  Any help is
>> appreciated.
> Interesting issue. The key is:
>> |<3>| HSK[0x14fc5f0]: Server's version: 3.0
>> |<3>| HSK[0x14fc5f0]: unsupported cipher suite C0.09
> Your server negotiates SSL 3.0 with an elliptic curve ciphersuite. Those
> are defined with TLS 1.0 or later. Is there an option to
> enable TLS 1.0 on your server?

I did not find an option to explicitly enable TLS 1.0 on the server,
but since I had the code I tracked it down to the server code setting
it's ssl minor version based on the announced minor version of the
client, therefore sending 3.0 back to the gnutls-cli client.  I
modified this to return 1, and now the gnutls-cli connects correctly.
Should a server be sending it's SSL version based on the clients
version?  I'm not well versed in the tls spec.  I'll have to do some
reading.  Thank you for you help.
> regards,
> Nikos
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at

More information about the Gnutls-help mailing list