Error in handshake - Error: Could not negotiate a supported cipher suite.

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Aug 9 21:24:03 CEST 2012


On 08/08/2012 03:10 PM, Nikos Mavrogiannopoulos wrote:
> On Wed, Aug 8, 2012 at 2:24 AM, Kristian Fiskerstrand
> <kristian.fiskerstrand at sumptuouscapital.com> wrote:
>> Hi,
>> I'm trying to set up mod_gnutls on apache to use OpenPGP key for a TLS
>> session but I'm having some trouble getting gnutls set up correctly for
>> a handshake. If I'm not too mistaken alert(21) indicate a decryption
>> error - any hints for how I should debug this?
>> What I have so far is - using gnutls-serv and gnutls-cli - the following;
> [...]
>>     --priority NORMAL:+ANON-DH \
> 
> Shouldn't you enable openpgp support as well? You can do that by adding
> +CTYPE-OPENPGP.
> 
> regards,
> Nikos
> 

Hi Nikos,

Thank you for the response and sorry for my late reply, got a bit
pre-occupied for a while there.

I adjusted the command to
gnutls-serv \
    -p 18000 \
    -g \
    --http \
    --priority NORMAL:+CTYPE-OPENPGP:+ANON-DH \
    --pgpcertfile /etc/apache2/conf/sks-keyservers.net.pub.asc \
    --pgpkeyfile /etc/apache2/conf/ss/sks-keyservers.net.sec.asc \
    --pgpsubkey 19EA3DAE12200409

but I still get the same error ..

I also tried to generate dh info by certtool --generate-dh-params
and putting the params in a dh file to run
gnutls-serv \
    -p 18000 \
    --dhparams /root/dh \
    --http \
    --priority NORMAL:+CTYPE-OPENPGP:+ANON-DH \
    --pgpcertfile /etc/apache2/conf/sks-keyservers.net.pub.asc \
    --pgpkeyfile /etc/apache2/conf/ss/sks-keyservers.net.sec.asc \
    --pgpsubkey 19EA3DAE12200409

with the same result. Any other hints?

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Nil desperandum
Never give up
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120809/1851399e/attachment.pgp>


More information about the Gnutls-help mailing list