[gnutls-help] Can't connect to my ISP's mail server using GnuTLS

Darko K. darko.koruga at siol.net
Thu Dec 27 10:35:34 CET 2012


On Wed, 26 Dec 2012 17:41:49 +0200 Nikos Mavrogiannopoulos wrote:

> On Wed, Dec 26, 2012 at 3:05 PM, Darko K. <darko.koruga at siol.net>
> wrote:
> > Hi all,
> >
> > let me start with a bit of a background regarding the problem I am
> > facing. ISP started enforcing SMTP authentication recently and of
> > course I want to use the encrypted channel for sending my password
> > over the line. Mail user agent of my choice (Claws Mail) uses
> > GnuTLS for encrypted communication. So I thought it would be as
> > simple as enabling SMTP authentication and SSL but it turned out it
> > does not work, I always get SSL handshake failed error.
> >
> > ISP's technical support stated that their server does not support
> > TLS 1.1 nor TLS 1.2 so I thought I just need to set a correct
> > priority string. I am using GnuTLS versions 3.0.20 and 3.1.5 for my
> > experiments. I have attached the output of gnutls-cli-debug when
> > connecting to the server in question.
> 
> Hello,
>  This is quite an understatement. Your ISP's server breaks if the
> client supports TLS 1.1 or TLS 1.2, and any other cipher than ARCFOUR.
> If it wouldn't support them it would just negotiate an earlier version
> of the protocol. Try:
> NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT
> 
Nikos,

thank you for your help. I can now proceed with my Clas Mail
modification to allow specifying a GnuTLS priority string.

Regards,
                  Darko



More information about the Gnutls-help mailing list