[gnutls-devel] mcabber GnuTLS related problem

Niels Ole Salscheider niels_ole at salscheider-online.de
Thu Aug 29 21:33:12 CEST 2013


Hello,

> > I have a similar problem with telepathy-gabble / wocky. For me, it fails
> > with
> > "TLS Negotiated: -12: GNUTLS_E_FATAL_ALERT_RECEIVED" when I try to connect
> > to
> > swissjabber.de.
> > 
> > This is with the default priority strings:
> > "NONE:+VERS-TLS-ALL:+SIGN-ALL:+MAC-ALL:+CTYPE-ALL:+RSA:+COMP-DEFLATE:+COMP
> > -
> > NULL:+ARCFOUR-128:+ARCFOUR-40:+AES-128-CBC:+AES-256-CBC:+3DES-CBC:+DES-CBC
> > :
> > +RC2-40:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC"
> 
> That is a pretty dangerous priority string. While modern versions of gnutls
> would not negotiate DES, RC4-40 or RC2, having them in the priority string
> reveals something fishy.

I have CC-ed the telepathy mailing list; maybe they want to update the 
priority string...

> > and
> > "NORMAL:-COMP-NULL:+COMP-DEFLATE:+COMP-NULL"
> > (depending on whether you want to prefer stream chiphers or not).
> 
> The only difference of the priority string above with NORMAL is that it
> prioritizes compression.  It may be that there is some issue with
> negotiating compression with this server (do you have any information on
> the server?). In general there is no reason to use compression with TLS. It
> can only cause harm (including reveal of plaintext).

This seems to be the problem. Leaving out "+COMP-DEFLATE" in the first string 
works, too.

Unfortunately, I have no information about the server, except for what is 
available on the homepage and:

<query xmlns="jabber:iq:version">
	<name>ejabberd</name>
	<version>2.1.5</version>
	<os>unix/linux 2.6.32</os>
</query>

Regards,

Ole



More information about the Gnutls-devel mailing list