[gnutls-help] Can't get ANON auth working per the documentation example

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Dec 18 15:26:04 CET 2013


On Tue, Dec 17, 2013 at 8:01 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C]
<lavr at ncbi.nlm.nih.gov> wrote:
> Hi All,
> I'm new here in this list, and I have a question about GNUTLS
> that I do not understand.
> Per the documentation example, I'm creating a client session like this:
>    gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
> But I get the following error (wherever I tried to connect to, whether
> real HTTP servers or gnutls-serv starter locally), from gnutls_handshake():
> error=-12,A TLS fatal alert has been received

Hello,
A gnutls server doesn't support anonymous authentication by default.
You need to enable it using the priority string. For example, you need
to set something like "NORMAL:+ANON-DH:+ANON-ECDH" on both client and
server.
In general there is no reason to use anonymous authentication. If you
don't have a trusted CA you can use, it is better to use certificates
and trust on first use [0].

[0]. http://www.gnutls.org/manual/gnutls.html#Verifying-a-certificate-using-trust-on-first-use-authentication

regards,
Nikos