[gnutls-help] trouble with X509 communication

Veldhuyzen, Kris kris.veldhuyzen at uleth.ca
Wed May 7 05:54:29 CEST 2014

Hi, I'm hoping to get some help on testing and getting TLS communication
working. Using Certtool I've made a CA, client certificate and server
certificate. Each has a certificate/private key pair and I think they are
correct. The CA is self signed and the client and server are signed by the

I've made some simple client and server programmers to test communication
based on the documentation and examples on gnutls.org. The client and the
server both load their respective certs/privkey and the CA cert without
issue and attempt to handshake the communication. When that happens the
server immediately fails with GNUTLS_E_UNKNOWN_CIPHER_SUITE "Could not
negotiate a supported cipher suite" and the client fails with "Error in
the pull function." I've kicked up the debug level in gnutls and I saw an
error on both client and server that looks potentially bad (|<9>|
ENC[006DABD8]: cipher: NULL, MAC: MAC-NULL, Epoch: 0) but most of the
other reported lines don't seem critical (to me at least). In both client
and server the the programs use gnutls_priority_set_direct with a string
"NORMAL:+KX-ALL" and the function succeeds.

I've tried re-mkaing the certificates numerous times thinking that I have
mis-created these somehow but I am not sure what.

Any advice for what I can check would be greatly appreciated!

More information about the Gnutls-help mailing list