Error in handshake - Error: Could not negotiate a supported cipher suite.

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Aug 10 09:45:50 CEST 2012


On 08/09/2012 09:24 PM, Kristian Fiskerstrand wrote:

> On 08/08/2012 03:10 PM, Nikos Mavrogiannopoulos wrote:
>> On Wed, Aug 8, 2012 at 2:24 AM, Kristian Fiskerstrand
>> <kristian.fiskerstrand at sumptuouscapital.com> wrote:
>>> Hi,
>>> I'm trying to set up mod_gnutls on apache to use OpenPGP key for a TLS
>>> session but I'm having some trouble getting gnutls set up correctly for
>>> a handshake. If I'm not too mistaken alert(21) indicate a decryption
>>> error - any hints for how I should debug this?
>>> What I have so far is - using gnutls-serv and gnutls-cli - the following;
>> [...]
>>>     --priority NORMAL:+ANON-DH \
>>
>> Shouldn't you enable openpgp support as well? You can do that by adding
>> +CTYPE-OPENPGP.
> Thank you for the response and sorry for my late reply, got a bit
> pre-occupied for a while there.
> I adjusted the command to
> gnutls-serv \
>     -p 18000 \
>     -g \
>     --http \
>     --priority NORMAL:+CTYPE-OPENPGP:+ANON-DH \
>     --pgpcertfile /etc/apache2/conf/sks-keyservers.net.pub.asc \
>     --pgpkeyfile /etc/apache2/conf/ss/sks-keyservers.net.sec.asc \
>     --pgpsubkey 19EA3DAE12200409
> but I still get the same error ..


Did you add the same priority string to the client as well? If I try the
doc/credentials/gnutls-http-serv script with a client that has the
CTYPE-OPENPGP enabled it works.

regards,
Nikos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120810/40cdd659/attachment.pgp>


More information about the Gnutls-help mailing list