gnutls suite b interoperability with a mocana server

James Newell jnewell at newells.info
Fri Apr 27 03:42:49 CEST 2012


On Thu, Apr 26, 2012 at 5:17 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On 04/26/2012 08:37 PM, James Newell wrote:
>
>> Hello,
>>
>> I'm attempting to use gnutls client with a mocana ssl server.  The
>> gnutls-cli fails indicating it could not negotiate a cipher suite,
>> despite the mocana sending back the cipher selected in the server
>> hello packet chosen from the client cipher list.  I've provided both
>> debug output from the server and client below.  Is it possible I
>> configured something incorrectly on the gnutls side?  Any help is
>> appreciated.
>
>
> Interesting issue. The key is:
>
>> |<3>| HSK[0x14fc5f0]: Server's version: 3.0
>> |<3>| HSK[0x14fc5f0]: unsupported cipher suite C0.09
>
>
> Your server negotiates SSL 3.0 with an elliptic curve ciphersuite. Those
> are defined with TLS 1.0 or later. Is there an option to
> enable TLS 1.0 on your server?

I did not find an option to explicitly enable TLS 1.0 on the server,
but since I had the code I tracked it down to the server code setting
its ssl minor version based on the announced minor version of the
client, therefore sending 3.0 back to the gnutls-cli client.  I
modified this to return 1, and now the gnutls-cli connects correctly.
Should a server be sending its SSL version based on the client's
version?  I'm not well versed in the TLS spec.  I'll have to do some
reading.  Thank you for your help.
Regards,
Jim
>
> regards,
> Nikos
>
>
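The condition gnutls-cli rejected in this thread, a ServerHello announcing version 3.0 together with cipher suite C0.09, can be checked directly on a captured handshake message. The C code below is an added example, not part of the original thread and not GnuTLS or Mocana code; the function names and the sample ServerHello bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { HELLO_OK = 0, HELLO_MALFORMED = -1, HELLO_EC_SUITE_ON_SSL3 = -2 };

/* Check a ServerHello handshake message (record header already stripped).
 * Layout: type(1) length(3) version(2) random(32) sid_len(1) sid cipher(2) comp(1) */
static int check_server_hello(const uint8_t *m, size_t len,
                              uint8_t ver[2], uint8_t suite[2])
{
    if (len < 39 || m[0] != 0x02)            /* 0x02 = server_hello */
        return HELLO_MALFORMED;
    size_t end = 4 + (((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3]);
    size_t off = 39 + (size_t)m[38];         /* skip the session id */
    if (end > len || m[38] > 32 || off + 3 > end)
        return HELLO_MALFORMED;
    ver[0] = m[4];  ver[1] = m[5];
    suite[0] = m[off];  suite[1] = m[off + 1];
    /* RFC 4492 ECC suites occupy C0.01..C0.19; per the thread they are
     * defined for TLS 1.0 (version 3.1) or later, never SSL 3.0. */
    int ec = suite[0] == 0xC0 && suite[1] >= 0x01 && suite[1] <= 0x19;
    if (ec && ver[0] == 3 && ver[1] == 0)
        return HELLO_EC_SUITE_ON_SSL3;
    return HELLO_OK;
}

/* Constructed sample: minimal ServerHello with an empty session id. */
static size_t make_hello(uint8_t *b, uint8_t minor, uint8_t s0, uint8_t s1)
{
    b[0] = 0x02; b[1] = 0; b[2] = 0; b[3] = 38;   /* body is 38 bytes */
    b[4] = 3; b[5] = minor;
    for (size_t i = 0; i < 32; i++) b[6 + i] = (uint8_t)i;  /* fake random */
    b[38] = 0;                                    /* session id length */
    b[39] = s0; b[40] = s1; b[41] = 0;            /* suite, null compression */
    return 42;
}

int main(void)
{
    uint8_t b[64], v[2], s[2];
    for (uint8_t minor = 0; minor <= 1; minor++) {
        int r = check_server_hello(b, make_hello(b, minor, 0xC0, 0x09), v, s);
        printf("version %u.%u suite %02X.%02X -> %s\n", v[0], v[1], s[0], s[1],
               r == HELLO_OK ? "ok" : "EC suite on SSL 3.0");
    }
    return 0;
}
```

The first sample reproduces the mismatch from the debug log (version 3.0 with C0.09); the second is the same message after the server answers with minor version 1.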
