gnutls and handshake issue supported cipher suite

Ali Khalfan ali.khalfan at gmail.com
Mon Sep 24 08:03:54 CEST 2012


I am trying to setup openvas on my machine (ubuntu 12.04.1 32 bit )
and I noticed that the openvas manager is not able to connect due to a
handshake problem.  I tried simulating the openvas server with gnutls-serv

sudo gnutls-serv -d 9 --x509keyfile
/usr/local/var/lib/openvas/private/CA/serverkey.pem --x509certfile
/usr/local/var/lib/openvas/CA/servercert.pem --x509cafile
/usr/local/var/lib/openvas/CA/cacert.pem -p 9393
Set static Diffie-Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
Echo Server listening on IPv4 0.0.0.0 port 9393...done
Echo Server listening on IPv6 :: port 9393...bind() failed: Address
already in use
|<4>| REC[0x9f5c8a0]: Allocating epoch #0



When I tried to connect the openvas manager I get the below problem.
Note: I tried simulating the same thing with openssl and I got a handshake.


I'm not sure where "Error: Could not negotiate a supported cipher
suite." is coming from




sudo gnutls-serv -d 9 --x509keyfile
/usr/local/var/lib/openvas/private/CA/serverkey.pem --x509certfile
/usr/local/var/lib/openvas/CA/servercert.pem --x509cafile
/usr/local/var/lib/openvas/CA/cacert.pem -p 9393
Set static Diffie-Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
Echo Server listening on IPv4 0.0.0.0 port 9393...done
Echo Server listening on IPv6 :: port 9393...bind() failed: Address
already in use
|<4>| REC[0x9f5c8a0]: Allocating epoch #0

* Accepted connection from IPv4 127.0.0.1 port 49340 on Mon Sep 24
08:58:42 2012
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x9f5c8a0]: Allocating epoch #1
|<4>| REC[0x9f5c8a0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x9f5c8a0]: Received Packet[0] Handshake(22) with length: 108
|<4>| REC[0x9f5c8a0]: Decrypted Packet[0] Handshake(22) with length: 108
|<3>| HSK[0x9f5c8a0]: CLIENT HELLO was received [108 bytes]
|<3>| HSK[0x9f5c8a0]: Client's version: 3.3
|<2>| ASSERT: gnutls_db.c:326
|<2>| ASSERT: gnutls_db.c:246
|<2>| EXT[0x9f5c8a0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<2>| EXT[0x9f5c8a0]: Parsing extension 'SIGNATURE ALGORITHMS/13' (16 bytes)
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (5.1) RSA-SHA384
|<2>| EXT[SIGA]: rcvd signature algo (5.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (6.1) RSA-SHA512
|<2>| EXT[SIGA]: rcvd signature algo (6.3) GOST R 34.10-94
|<2>| ASSERT: gnutls_handshake.c:3348
|<1>| Could not find an appropriate certificate: Insufficient
credentials for that request.
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA256
|<2>| ASSERT: gnutls_handshake.c:921
|<2>| ASSERT: gnutls_handshake.c:586
|<2>| ASSERT: gnutls_handshake.c:2358
|<2>| ASSERT: gnutls_handshake.c:2991
Error in handshake
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed
|<4>| REC[0x9f5c8a0]: Sending Packet[0] Alert(21) with length: 2
|<4>| REC[0x9f5c8a0]: Sent Packet[1] Alert(21) with length: 7
|<2>| ASSERT: gnutls_record.c:276
|<4>| REC[0x9f5c8a0]: Epoch #0 freed
|<4>| REC[0x9f5c8a0]: Epoch #1 freed





More information about the Gnutls-help mailing list