[gnutls-help] GNUTLS_E_PULL_ERROR in gnutls_handshake
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Feb 15 22:33:05 CET 2015
On Sun, 2015-02-15 at 19:06 +0100, Alessandro Carminati wrote:
> Hello,
>
> thank you for answering my help request.
>
> The following is the iksemel function handshake where the issue is
> spawned.
>
> static int handshake (struct stream_data *data)
> {
> const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3,
> 0 };
> const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
> const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
> GNUTLS_CIPHER_ARCFOUR, 0};
> const int comp_priority[] = { GNUTLS_COMP_ZLIB,
> GNUTLS_COMP_NULL, 0 };
> const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5,

No doubt this doesn't work any more. It's a very old gnutls API, and
these settings disable anything "new" like AES, and also disable
forward secrecy. It is very likely that the selected combination of
ciphers is considered insecure by the server.

The best would be to convert this code to use the recommended way to set
ciphers, i.e., call:

    gnutls_set_default_priority(session);

As in:
http://www.gnutls.org/manual/gnutls.html#Simple-client-example-with-X_002e509-certificate-support

regards,
Nikos
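
An added example, not code from this thread, iksemel or GnuTLS: a small Python check that flags the legacy algorithm constants quoted above in C source and reports whether the recommended gnutls_set_default_priority() call is present. The names audit, LEGACY and SAMPLE and the reason strings are this example's own assumptions; the sample is constructed from the quoted lines and left cut off where the quote is.

```python
import re

# Legacy per-algorithm constants from the quoted handshake() and why each
# stands out (reasons are general TLS facts, not text from the thread).
LEGACY = {
    "GNUTLS_SSL3": "SSL 3.0 protocol version",
    "GNUTLS_KX_RSA": "static RSA key exchange, no forward secrecy",
    "GNUTLS_CIPHER_3DES_CBC": "3DES-CBC, a pre-AES cipher",
    "GNUTLS_CIPHER_ARCFOUR": "RC4 stream cipher",
    "GNUTLS_MAC_MD5": "MD5-based MAC",
}
RECOMMENDED = "gnutls_set_default_priority"
TOKEN = re.compile(r"\b(GNUTLS_[A-Z0-9_]+|gnutls_[a-z0-9_]+)\b")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def audit(source):
    """Return (findings, uses_default); findings holds (line, constant, reason)."""
    # Blank out comments but keep newlines so line numbers stay correct.
    stripped = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings, uses_default = [], False
    for lineno, line in enumerate(stripped.splitlines(), start=1):
        for tok in TOKEN.findall(line):
            if tok in LEGACY:
                findings.append((lineno, tok, LEGACY[tok]))
            elif tok == RECOMMENDED:
                uses_default = True
    return findings, uses_default


# Constructed sample: the arrays as quoted in the thread (cut off where the
# quote is), plus one comment line added here to exercise comment stripping.
SAMPLE = """\
static int handshake (struct stream_data *data)
{
  const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
  const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
  const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
                                  GNUTLS_CIPHER_ARCFOUR, 0 };
  /* GNUTLS_MAC_MD5 in a comment is ignored */
  const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5,
"""

if __name__ == "__main__":
    findings, uses_default = audit(SAMPLE)
    for lineno, const, reason in findings:
        print(f"line {lineno}: {const} ({reason})")
    if not uses_default:
        print(f"no call to {RECOMMENDED}() found")
```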