iDevice GnuTLS issue with iOS 4.2 - libimobiledevice

Nikos Mavrogiannopoulos nmav at
Tue Nov 23 10:08:20 CET 2010

I'd suggest that you use the priority_set_direct() function. Check the examples
in the gnutls documentation for details. Does gnutls-cli work on the server you
are connecting? What is the output of gnutls-cli-debug?


On Mon, Nov 22, 2010 at 12:17 AM, Nikias Bassen <nikias at> wrote:
> Hi,
> I'm a leading developer of libimobiledevice ( and
> we are facing a GnuTLS issue. The lockdown protocol is initializing an SSLv3
> session and since iOS 4.2 the handshake fails when using GnuTLS. Further
> investigation showed that the error is GNUTLS_E_FATAL_ALERT_RECEIVED -12,
> Error: Could not negotiate a supported cipher suite.
> However, I replaced the appropiate ssl code using OpenSSL and got it working.
> Debugging output showed that the cipher is AES256-SHA, but surprisingly this
> is the same cipher that we have with pre-4.2 devices using GnuTLS.
> We have no clue what might be wrong here as it has been working since 4.2b
> arrived, so I'd like to ask if anyone here might be able to help us
> investigating this issue? Tell me what info you need and I'll get it for you.
> The device is the server and libimobiledevice code the client side of the
> communication.
> Our code is here:
> The SSL code is in src/idevice.c, the handshake is implemented in
> idevice_connection_enable_ssl(). If you have questions about the code just
> ask. You can reach us in #libimobiledevice on FreeNode too.
> Regards,
> Nikias
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at

More information about the Gnutls-devel mailing list