[gnutls-help] Can't connect to my ISP's mail server using GnuTLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Dec 26 16:41:49 CET 2012
On Wed, Dec 26, 2012 at 3:05 PM, Darko K. <darko.koruga at siol.net> wrote:
> Hi all,
>
> let me start with a bit of a background regarding the problem I am
> facing. ISP started enforcing SMTP authentication recently and of
> course I want to use the encrypted channel for sending my password
> over the line. Mail user agent of my choice (Claws Mail) uses GnuTLS for
> encrypted communication. So I thought it would be as simple as enabling
> SMTP authentication and SSL but it turned out it does not work, I
> always get SSL handshake failed error.
>
> ISP's technical support stated that their server does not support TLS
> 1.1 nor TLS 1.2 so I thought I just need to set a correct priority
> string. I am using GnuTLS versions 3.0.20 and 3.1.5 for my experiments.
> I have attached the output of gnutls-cli-debug when connecting to the
> server in question.
Hello,
This is quite an understatement. Your ISP's server breaks if the
client supports TLS 1.1 or TLS 1.2, and any other cipher than ARCFOUR.
If it wouldn't support them it would just negotiate an earlier version
of the protocol. Try:
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT
regards,
Nikos
More information about the Gnutls-help
mailing list