[gnutls-help] No supported cipher suites have been found.

Mike Mestnik cheako+gnutls at mikemestnik.net
Fri Dec 11 21:22:13 CET 2015


Is there a way to figure out more specifically what is wrong with a
ClientHello?  I've been toying with the idea of implementing the
handshake portion in Perl, but currently I've no working client to
copy, and with no way of knowing what's wrong it would be pointless.

Here is what I have so far:
#!/usr/bin/env perl

use IO::Socket::INET;

my $socket = new IO::Socket::INET(
PeerHost => '127.0.0.1',
PeerPort => '4458',
Proto    => 'tcp',
);

sub r{rand()*0xffffffff};

my$a=sprintf'\x3\x3%s\x0%s%s\x0%s%s',pack('NL7',time(),r(),r(),r(),r(),r(),r(),r()),
pack("n",8),sprintf'\x0\x40\x0\x6a\x0\x9',pack('C',1),sprintf'';
my$b=sprintf'\x1\x0%s%s',pack('n',length$a),$a;
$socket->send(sprintf'\x16\x3\x3%s%s',pack('n',length$b),$b);
$socket->recv(my$r,4096);
print $r;

=pod
000005e0  16 03 01 00 fc 01 00 00  f8 03 03 56 69 bf 40 cc  |...........Vi.@.|
000005f0  ef 1c b1 5e 81 af cc 3c  4f a9 ca fe 05 a6 6c 0c  |...^...<O.....l.|
00000600  ae e5 24 fc 18 38 5f a0  bd 2b db 00 00 6c c0 2b  |..$..8_..+...l.+|
00000610  c0 2c c0 86 c0 87 c0 09  c0 23 c0 0a c0 24 c0 72  |.,.......#...$.r|
00000620  c0 73 c0 ac c0 ad c0 08  c0 2f c0 30 c0 8a c0 8b  |.s......./.0....|
00000630  c0 13 c0 27 c0 14 c0 28  c0 76 c0 77 c0 12 00 9c  |...'...(.v.w....|
00000640  00 9d c0 7a c0 7b 00 2f  00 3c 00 35 00 3d 00 41  |...z.{./.<.5.=.A|
00000650  00 ba 00 84 00 c0 c0 9c  c0 9d 00 0a 00 9e 00 9f  |................|
00000660  c0 7c c0 7d 00 33 00 67  00 39 00 6b 00 45 00 be  |.|.}.3.g.9.k.E..|
00000670  00 88 00 c4 c0 9e c0 9f  00 16 01 00 00 63 00 17  |.............c..|
00000680  00 00 00 16 00 00 00 05  00 05 01 00 00 00 00 00  |................|
00000690  09 00 03 02 00 01 00 00  00 0e 00 0c 00 00 09 6c  |...............l|
000006a0  6f 63 61 6c 68 6f 73 74  ff 01 00 01 00 00 23 00  |ocalhost......#.|
000006b0  00 00 0a 00 0c 00 0a 00  17 00 18 00 19 00 15 00  |................|
000006c0  13 00 0b 00 02 01 00 00  0d 00 16 00 14 04 01 04  |................|
000006d0  03 05 01 05 03 06 01 06  03 03 01 03 03 02 01 02  |................|
000006e0  03 00 00


On Mon, Dec 7, 2015 at 2:30 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> You can test gnutls-serv and gnutls-cli in the gnutls distribution
> with the following options:
> cd doc/credentials && ./../src/gnutls-serv --pgpkeyfile
> openpgp/sec.asc --pgpcertfile openpgp/pub.asc --dhparams params.pem
> --priority "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+CTYPE-OPENPGP"
>
> cd src && ./gnutls-cli localhost -p 5556 --insecure --priority
> "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+CTYPE-OPENPGP"
>
>
> regards,
> Nikos
>
> On Mon, Dec 7, 2015 at 7:49 AM, Mike Mestnik
> <cheako+gnutls at mikemestnik.net> wrote:
>> From a tip on IRC, I've included the results of a test from the
>> gnutls-cli application.  This is to rule out an issue where a non cert
>> type supporting client might be causing problems.
>>
>> https://travis-ci.org/cheako/ihlt/builds/95292899
>>
>> At the end, when the other connections from perl fail, there is a test
>> from gnutls-client.  Same failure.
>>
>> Is there an issue with non cert type clients?  Would that also be
>> mapped to "No supported cipher suites..." error?  Can I have a patch
>> where this error has its own message?
>>
>> On Wed, Dec 2, 2015 at 7:54 PM, Mike Mestnik
>> <cheako+gnutls at mikemestnik.net> wrote:
>>> I'm writing an example application using gnutls and I'm wondering how
>>> to get SSL support for RFC 6091, as found in gnutls.
>>>
>>> https://github.com/cheako/ihlt/tree/24f6f08cf7c4c118550858718f0a3bb07d3bfa6b
>>>
>>> # This gives the same error as [1]perl, so I'm thinking I've a genuine
>>> problem with my implementation of the echo server.
>>> gnutls-cli -p 4458 --pgpkeyfile=example/openpgp-secret.txt
>>> --pgpcertfile=example/openpgp-server.txt localhost
>>>
>>> See also:
>>> 1. http://www.perlmonks.org/?node_id=1149241
>>
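One way to narrow down what is wrong with a ClientHello before the server sees it, as an added example that is not part of the original post or of GnuTLS: a Perl check that walks the record, handshake and vector length fields and reports the first ones that do not add up. The names check_client_hello and wrap are hypothetical, the samples are constructed (fixed random, the three suite ids from the post), and only the framing is checked, not whether the server supports the offered suites.

```perl
use strict;
use warnings;

# Walk one TLS record holding a ClientHello; return a list of problems (empty = well formed).
sub check_client_hello {
    my ($rec) = @_;
    return ('record shorter than its 5-byte header') if length($rec) < 5;
    my @err;
    my ($type, $ver, $rlen) = unpack('C n n', $rec);
    my $body = substr($rec, 5);
    push @err, "record type $type is not handshake (22)" if $type != 22;
    push @err, "record length $rlen, but " . length($body) . ' bytes follow' if $rlen != length($body);
    return (@err, 'handshake header truncated') if length($body) < 4;
    my ($ht, $hi, $lo) = unpack('C C n', $body);    # type + 24-bit length
    my $hello = substr($body, 4);
    my $hlen  = ($hi << 16) | $lo;
    push @err, "handshake type $ht is not client_hello (1)" if $ht != 1;
    push @err, "handshake length $hlen, but " . length($hello) . ' bytes follow' if $hlen != length($hello);
    my $pos = 34;    # skip client_version (2 bytes) and random (32 bytes)
    for my $f (['session_id', 'C', 1], ['cipher_suites', 'n', 2], ['compression_methods', 'C', 1]) {
        my ($name, $tmpl, $w) = @$f;
        return (@err, "$name length field truncated") if $pos + $w > length($hello);
        my $n = unpack($tmpl, substr($hello, $pos, $w));
        $pos += $w;
        return (@err, "$name claims $n bytes, only " . (length($hello) - $pos) . ' left')
            if $pos + $n > length($hello);
        push @err, "cipher_suites length $n is zero or odd" if $name eq 'cipher_suites' && (!$n || $n % 2);
        $pos += $n;
    }
    if ($pos < length($hello)) {    # optional extensions block must fill the rest exactly
        return (@err, 'extensions length field truncated') if $pos + 2 > length($hello);
        my $left = length($hello) - $pos - 2;
        my $elen = unpack('n', substr($hello, $pos, 2));
        push @err, "extensions length $elen, but $left bytes follow" if $elen != $left;
    }
    return @err;
}

# Wrap a ClientHello body in handshake and record headers (TLS 1.2 record version).
sub wrap {
    my ($hello) = @_;
    return pack('C n n/a*', 22, 0x0303, pack('C C n', 1, length($hello) >> 16, length($hello) & 0xffff) . $hello);
}

# Constructed samples: $good has consistent lengths, $bad declares 8 suite bytes but carries 6.
my $suites = pack('n*', 0x0040, 0x006a, 0x0009);
my $good = wrap(pack('n a32 C n/a* C/a*', 0x0303, 'R' x 32, 0, $suites, "\0"));
my $bad  = wrap(pack('n a32 C n a* C/a*', 0x0303, 'R' x 32, 0, 8, $suites, "\0"));
print "$_->[0]: ", (join('; ', check_client_hello($_->[1])) || 'well formed'), "\n" for ['good', $good], ['bad', $bad];
```

The samples are built with pack because Perl leaves \x escapes unexpanded in single-quoted strings. In the bad sample the overstated suite length swallows the compression bytes, so the problem is reported at the following field.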


