From ivo at o2w.nl Mon Feb 3 18:28:01 2003 From: ivo at o2w.nl (Ivo Timmermans) Date: Mon Feb 3 18:28:01 2003 Subject: [gnutls-dev]Re: [gnutls-commits]cvs: libtasn1 /lib coding.c In-Reply-To: References: Message-ID: <20030203172859.GA1732@juarez> Nikos Mavroyanopoulos wrote: > Modified files: > /libtasn1/lib coding.c > Log: > Error description is only used if it is != NULL. Are changes to this directory eventually going to make it into a new libtasn1 release? Ivo -- B?ser, b?ser Pinguin! - Nichtlustig From nmav at gnutls.org Mon Feb 3 18:37:01 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Mon Feb 3 18:37:01 2003 Subject: [gnutls-dev]Re: [gnutls-commits]cvs: libtasn1 /lib coding.c In-Reply-To: <20030203172859.GA1732@juarez> References: <20030203172859.GA1732@juarez> Message-ID: <20030203173820.GA25505@gnutls.org> On Mon, Feb 03, 2003 at 06:29:00PM +0100, Ivo Timmermans wrote: > Are changes to this directory eventually going to make it into a new > libtasn1 release? Yes. Fabio is heading for a new major release. > Ivo > -- > B??ser, b??ser Pinguin! > - Nichtlustig -- Nikos Mavroyanopoulos From andrew at mcdonald.org.uk Mon Feb 10 22:14:01 2003 From: andrew at mcdonald.org.uk (Andrew McDonald) Date: Mon Feb 10 22:14:01 2003 Subject: [gnutls-dev]Re: Bug#175582: gnutls_handshake & packet length In-Reply-To: <20030106200852.GA2457@tec.com.mx> References: <20030106200852.GA2457@tec.com.mx> Message-ID: <20030210211451.GB1540@mcdonald.org.uk> On Mon, Jan 06, 2003 at 02:08:53PM -0600, Beto Reyes wrote: > > when trying to access a imap folder, I get an error like: > gnutls_handshake=UNEXPECTED_PACKET_LENGTH > and it dont let me access the folder > > I avoided the problem unsetting ssl_starttls, so I suppouse that it's > something about ssl while accessing. > > Im using: > Debian GNU/Linux 2.4.18 > gcc version 2.95.4 > libc6 2.3.1-8 > libsasl7 1.5.27-3 Do you know what the server's running? Also, could you try running gnutls-cli-debug (in the libgnutls5-dev package) against the server (something like "gnutls-cli-debug -p 993 servername" should work). -- Andrew McDonald E-mail: andrew at mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From andrew at mcdonald.org.uk Mon Feb 10 22:17:22 2003 From: andrew at mcdonald.org.uk (Andrew McDonald) Date: Mon Feb 10 22:17:22 2003 Subject: [gnutls-dev]Re: Bug#176037: gnutls_handshake: DH_PRIME_UNACCEPTABLE In-Reply-To: <20030109193626.53B1578103@mozg.mit.edu> References: <20030109193626.53B1578103@mozg.mit.edu> Message-ID: <20030210211816.GC1540@mcdonald.org.uk> On Thu, Jan 09, 2003 at 02:36:26PM -0500, Mark Histed wrote: > > When I try to open the mailbox 'imap://po11.mit.edu/INBOX' with Debian > mutt 1.4.0-4 or -5 and imap_force_ssl=yes, I get the error message > 'gnutls_handshake: DH_PRIME_UNACCEPTABLE' with libgnutls5 0.5.9-2 > installed, and 'gnutls_handshake: The Diffie Hellman prime sent by the > server is not acceptabl', when libgnutls5 0.6.0-2 is installed. In > both cases, opening the mailbox fails. Mozilla has no trouble using > IMAP with SSL on this server. Hmm. What's the server running? I'm wondering if there's something dodgy about it's ephemeral Diffie-Hellman support. Could you also try: gnutls-cli-debug -p 993 po11.mit.edu and provide the results? -- Andrew McDonald E-mail: andrew at mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From nmav at gnutls.org Mon Feb 10 22:39:02 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Mon Feb 10 22:39:02 2003 Subject: [gnutls-dev]Re: Bug#176037: gnutls_handshake: DH_PRIME_UNACCEPTABLE In-Reply-To: <20030210211816.GC1540@mcdonald.org.uk> References: <20030109193626.53B1578103@mozg.mit.edu> <20030210211816.GC1540@mcdonald.org.uk> Message-ID: <20030210213249.GA977@gnutls.org> On Mon, Feb 10, 2003 at 09:18:16PM +0000, Andrew McDonald wrote: > > When I try to open the mailbox 'imap://po11.mit.edu/INBOX' with Debian > > mutt 1.4.0-4 or -5 and imap_force_ssl=yes, I get the error message > > 'gnutls_handshake: DH_PRIME_UNACCEPTABLE' with libgnutls5 0.5.9-2 > > installed, and 'gnutls_handshake: The Diffie Hellman prime sent by the > > server is not acceptabl', when libgnutls5 0.6.0-2 is installed. In > > both cases, opening the mailbox fails. Mozilla has no trouble using > > IMAP with SSL on this server. > Hmm. > What's the server running? I'm wondering if there's something dodgy > about it's ephemeral Diffie-Hellman support. This sounds like the server sends a prime of less than 768 bits. By default gnutls-0.6.x will reject such primes. A solution might be to call gnutls_dh_set_prime_bits() with a value less than 512. > -- > Andrew McDonald > E-mail: andrew at mcdonald.org.uk > http://www.mcdonald.org.uk/andrew/ -- Nikos Mavroyanopoulos From histed at MIT.EDU Fri Feb 14 01:51:01 2003 From: histed at MIT.EDU (Mark Histed) Date: Fri Feb 14 01:51:01 2003 Subject: [gnutls-dev]Re: Bug#176037: gnutls_handshake: DH_PRIME_UNACCEPTABLE In-Reply-To: <20030210211816.GC1540@mcdonald.org.uk> References: <20030109193626.53B1578103@mozg.mit.edu> <20030210211816.GC1540@mcdonald.org.uk> Message-ID: <20030213201210.GA12291@mit.edu> Hi Andrew, The problem went away without me installing new versions of the Debian gnutls or mutt packages, so my guess is that something with the server changed. fyi, if I telnet to port 143 on po11.mit.edu, I get: * OK po11.mit.edu Cyrus IMAP4 v2.1.5 server ready Thanks for looking into it! Mark On Mon, Feb 10, 2003 at 09:18:16PM +0000, Andrew McDonald wrote: > On Thu, Jan 09, 2003 at 02:36:26PM -0500, Mark Histed wrote: > > > > When I try to open the mailbox 'imap://po11.mit.edu/INBOX' with Debian > > mutt 1.4.0-4 or -5 and imap_force_ssl=yes, I get the error message > > 'gnutls_handshake: DH_PRIME_UNACCEPTABLE' with libgnutls5 0.5.9-2 > > installed, and 'gnutls_handshake: The Diffie Hellman prime sent by the > > server is not acceptabl', when libgnutls5 0.6.0-2 is installed. In > > both cases, opening the mailbox fails. Mozilla has no trouble using > > IMAP with SSL on this server. > > Hmm. > > What's the server running? I'm wondering if there's something dodgy > about it's ephemeral Diffie-Hellman support. > > Could you also try: gnutls-cli-debug -p 993 po11.mit.edu > and provide the results? > -- From simon+gnutls-dev at josefsson.org Fri Feb 21 18:24:01 2003 From: simon+gnutls-dev at josefsson.org (Simon Josefsson) Date: Fri Feb 21 18:24:01 2003 Subject: [gnutls-dev]kerberos cipher suites? Message-ID: Is anyone working on adding kerberos cipher suites? If not, it would be a useful test of Shishi () so I'll probably start working on it soon. From nmav at gnutls.org Fri Feb 21 18:39:01 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Fri Feb 21 18:39:01 2003 Subject: [gnutls-dev]kerberos cipher suites? In-Reply-To: References: Message-ID: <20030221174018.GA18120@gnutls.org> On Fri, Feb 21, 2003 at 06:25:36PM +0100, Simon Josefsson wrote: > Is anyone working on adding kerberos cipher suites? If not, it would > be a useful test of Shishi () so I'll > probably start working on it soon. As far as I know nobody is working on it so feel free to work on it. You should need to check auth_srp.c, auth_rsa/auth_cert.c for examples on how authentication methods are used. Feel free to ask anything about it. -- Nikos Mavroyanopoulos