From jas at extundo.com Sat Mar 22 17:32:39 2003
From: jas at extundo.com (Simon Josefsson)
Date: Sat, 22 Mar 2003 17:32:39 +0100
Subject: [Help-gnutls] Connecting to news.mozilla.org:563?
Message-ID:

Any ideas on why news.mozilla.org doesn't work?

jas at latte:~$ gnutls-cli -p 563 news.mozilla.org
Resolving 'news.mozilla.org'...
Connecting to '204.29.187.156:563'...
|<2>| ASSERT: x509.c:1107
|<2>| ASSERT: x509.c:1107
|<2>| ASSERT: gnutls_kx.c:261
|<2>| ASSERT: gnutls_handshake.c:906
|<2>| ASSERT: gnutls_record.c:596
|<2>| ASSERT: gnutls_record.c:836
|<2>| ASSERT: gnutls_handshake.c:2082
|<2>| ASSERT: gnutls_handshake.c:2240
*** Received alert [40]: Handshake failed
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
jas at latte:~$

From nmav at gnutls.org Sat Mar 22 19:50:12 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat, 22 Mar 2003 20:50:12 +0200
Subject: [Help-gnutls] Connecting to news.mozilla.org:563?
In-Reply-To:
References:
Message-ID: <20030322185012.GA2471@gnutls.org>

On Sat, Mar 22, 2003 at 05:32:39PM +0100, Simon Josefsson wrote:

> Any ideas on why news.mozilla.org doesn't work?
> jas at latte:~$ gnutls-cli -p 563 news.mozilla.org
> Resolving 'news.mozilla.org'...
> Connecting to '204.29.187.156:563'...
> *** Received alert [40]: Handshake failed
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.
> jas at latte:~$

I've run the gnutls-cli-debug in the server and I think that
this is a quite old/broken server (that only supports export grade
encryption). That server seems to work properly if it gets an
SSL 2.0 client hello which gnutls does not send.

Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... yes
Checking for version rollback bug in RSA PMS... yes
Checking for version rollback bug in Client Hello... dunno
Checking whether we need to disable TLS 1.0... yes
Checking whether the server ignores the RSA PMS version... yes
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... no
Checking for certificate information...
[...]
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... no
Checking for export-grade ciphersuite support... yes
Checking for anonymous authentication support... no
Checking for anonymous Diffie Hellman prime size... N/A
Checking for ephemeral Diffie Hellman support... no
Checking for ephemeral Diffie Hellman prime size... N/A
Checking for AES cipher support... no
Checking for 3DES cipher support... no
Checking for ARCFOUR cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... no
Checking for max record size (TLS extension)... no
Checking for SRP authentication support (TLS extension)... no
Checking for OpenPGP authentication support (TLS extension)... no

-- 
Nikos Mavroyanopoulos

From jas at extundo.com Sat Mar 22 20:02:57 2003
From: jas at extundo.com (Simon Josefsson)
Date: Sat, 22 Mar 2003 20:02:57 +0100
Subject: [Help-gnutls] Re: Connecting to news.mozilla.org:563?
In-Reply-To: <20030322185012.GA2471@gnutls.org> (Nikos Mavroyanopoulos's message of "Sat, 22 Mar 2003 20:50:12 +0200")
References: <20030322185012.GA2471@gnutls.org>
Message-ID:

Nikos Mavroyanopoulos writes:

> On Sat, Mar 22, 2003 at 05:32:39PM +0100, Simon Josefsson wrote:
>
>> Any ideas on why news.mozilla.org doesn't work?
>> jas at latte:~$ gnutls-cli -p 563 news.mozilla.org
>> Resolving 'news.mozilla.org'...
>> Connecting to '204.29.187.156:563'...
>> *** Received alert [40]: Handshake failed
>> *** Handshake has failed
>> GNUTLS ERROR: A TLS fatal alert has been received.
>> jas at latte:~$
>
> I've run the gnutls-cli-debug in the server and I think that
> this is a quite old/broken server (that only supports export grade
> encryption). That server seems to work properly if it gets an
> SSL 2.0 client hello which gnutls does not send.

So gnutls-cli cannot talk to it? Ouch.

Btw, where are the valid values for --ciphers, --comp etc documented?

From nmav at gnutls.org Sun Mar 23 12:15:26 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 23 Mar 2003 13:15:26 +0200
Subject: [Help-gnutls] Re: Connecting to news.mozilla.org:563?
In-Reply-To:
References: <20030322185012.GA2471@gnutls.org>
Message-ID: <20030323111526.GA1346@gnutls.org>

On Sat, Mar 22, 2003 at 08:02:57PM +0100, Simon Josefsson wrote:

> >> Any ideas on why news.mozilla.org doesn't work?
> >> jas at latte:~$ gnutls-cli -p 563 news.mozilla.org
> >> Resolving 'news.mozilla.org'...
> >> Connecting to '204.29.187.156:563'...
> >> *** Received alert [40]: Handshake failed
> >> *** Handshake has failed
> >> GNUTLS ERROR: A TLS fatal alert has been received.
> >> jas at latte:~$
> > I've run the gnutls-cli-debug in the server and I think that
> > this is a quite old/broken server (that only supports export grade
> > encryption). That server seems to work properly if it gets an
> > SSL 2.0 client hello which gnutls does not send.
> So gnutls-cli cannot talk to it? Ouch.

You have to disable TLS 1.0. Use --protocols ssl3

> Btw, where are the valid values for --ciphers, --comp etc documented?

No. I'll try to add an option which prints those values.

-- 
Nikos Mavroyanopoulos

From nmav at gnutls.org Sun Mar 23 12:21:37 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 23 Mar 2003 13:21:37 +0200
Subject: [Help-gnutls] Re: Connecting to news.mozilla.org:563?
In-Reply-To: <20030323111526.GA1346@gnutls.org>
References: <20030323111526.GA1346@gnutls.org>
Message-ID: <20030323112137.GA8814@gnutls.org>

On Sun, Mar 23, 2003 at 01:15:26PM +0200, Nikos Mavroyanopoulos wrote:

> > Btw, where are the valid values for --ciphers, --comp etc documented?
> No. I'll try to add an option which prints those values.

I should read the options I write. There is the --list (-l) option
to print all the valid options.

-- 
Nikos Mavroyanopoulos

From jas at extundo.com Sun Mar 23 15:21:57 2003
From: jas at extundo.com (Simon Josefsson)
Date: Sun, 23 Mar 2003 15:21:57 +0100
Subject: [Help-gnutls] Re: Connecting to news.mozilla.org:563?
In-Reply-To: <20030323112137.GA8814@gnutls.org> (Nikos Mavroyanopoulos's message of "Sun, 23 Mar 2003 13:21:37 +0200")
References: <20030323111526.GA1346@gnutls.org> <20030323112137.GA8814@gnutls.org>
Message-ID:

Nikos Mavroyanopoulos writes:

> You have to disable TLS 1.0. Use --protocols ssl3

It works, thanks.

>> > Btw, where are the valid values for --ciphers, --comp etc documented?
>> No. I'll try to add an option which prints those values.
> I should read the options I write. There is the --list (-l) option
> to print all the valid options.

Ah, I missed it. The parameter seems to accept any string, so it is
hard to tell whether you used the proper string or not.

Btw, Gnus and Emacs now have TLS/SSL support via a simple wrapper around
gnutls-cli. Thanks for your help.

From nmav at gnutls.org Sun Mar 23 18:19:31 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 23 Mar 2003 19:19:31 +0200
Subject: [Help-gnutls] Re: Connecting to news.mozilla.org:563?
In-Reply-To:
References: <20030323111526.GA1346@gnutls.org> <20030323112137.GA8814@gnutls.org>
Message-ID: <20030323171931.GA6071@gnutls.org>

On Sun, Mar 23, 2003 at 03:21:57PM +0100, Simon Josefsson wrote:

> > You have to disable TLS 1.0. Use --protocols ssl3
> It works, thanks.

Mozilla (the browser) uses a trick to be able to connect to those
servers as well. It first tries connecting with TLS 1.0 and SSL 3.0
enabled; if that fails, it tries connecting with plain SSL 3.0. This is
obviously vulnerable to version downgrade attacks, but it works with
all of the broken servers out there.

-- 
Nikos Mavroyanopoulos

From ivo at o2w.nl Mon Mar 24 15:14:37 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Mon, 24 Mar 2003 15:14:37 +0100
Subject: [Help-gnutls] Connecting to news.mozilla.org:563?
In-Reply-To: <20030322185012.GA2471@gnutls.org>
References: <20030322185012.GA2471@gnutls.org>
Message-ID: <20030324141437.GA13989@juarez>

Nikos Mavroyanopoulos wrote:

> I've run the gnutls-cli-debug in the server and I think that
> this is a quite old/broken server (that only supports export grade
> encryption). That server seems to work properly if it gets an
> SSL 2.0 client hello which gnutls does not send.

How about this?

> gnutls-cli-debug -p 993 mailbox.rwth-aachen.de
Resolving 'mailbox.rwth-aachen.de'...
Connecting to '134.130.3.132:993'...
Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... no

> openssl s_client -host mailbox.rwth-aachen.de -port 993
[...]
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5

Ivo

-- 
No, I just like to run around and scream real loud!
- Dee Dee

From nmav at gnutls.org Mon Mar 24 18:26:47 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon, 24 Mar 2003 19:26:47 +0200
Subject: [Help-gnutls] Connecting to news.mozilla.org:563?
In-Reply-To: <20030324141437.GA13989@juarez>
References: <20030322185012.GA2471@gnutls.org> <20030324141437.GA13989@juarez>
Message-ID: <20030324172647.GA17119@gnutls.org>

On Mon, Mar 24, 2003 at 03:14:37PM +0100, Ivo Timmermans wrote:

> > I've run the gnutls-cli-debug in the server and I think that
> > this is a quite old/broken server (that only supports export grade
> > encryption). That server seems to work properly if it gets an
> > SSL 2.0 client hello which gnutls does not send.
> How about this?
> > gnutls-cli-debug -p 993 mailbox.rwth-aachen.de
> Resolving 'mailbox.rwth-aachen.de'...
> Connecting to '134.130.3.132:993'...
> Checking for TLS 1.0 support... no
> Checking for SSL 3.0 support... no

Thank you for reporting this. This server seems to request a
certificate and gnutls did not properly respond if a certificate
was not found. I've corrected that behaviour in the cvs.

> Ivo
> --
> No, I just like to run around and scream real loud!
> - Dee Dee

-- 
Nikos Mavroyanopoulos

From vcotirlea at hotmail.com Wed Mar 26 15:21:05 2003
From: vcotirlea at hotmail.com (vc)
Date: Wed, 26 Mar 2003 15:21:05 +0100
Subject: [Help-gnutls] gnutls lib for VC7.1 Win2000
Message-ID:

Hi all,

I am new to the gnutls world and I have to port a Linux application on
Windows. I am using Win 2000 and the VC++7.1 (VS .NET beta 2003)
compiler. As the Linux application is using the gnutls lib I need also
a windows version of this lib, so I have a few questions:

1) Has the gnutls lib support for VC++7.1? Can it be built using this
   compiler? I would like not to use the cygwin or mingw and I don't
   know what are the steps needed for compiling the lib with VC7.1.
   If anyone knows the steps, or where I can find those steps, please
   tell me.

2) Can I create a normal VC++ workspace for this lib? If yes how can I
   find the settings that have to be done?

Thanks a lot in advance,
Viv

From mgates at nbcs.rutgers.edu Thu Mar 27 00:25:19 2003
From: mgates at nbcs.rutgers.edu (MICAH GATES)
Date: Wed, 26 Mar 2003 18:25:19 -0500 (EST)
Subject: [Help-gnutls] Symbol referencing errors.
Message-ID:

Hello,

I'm having big problems compiling gnuTLS on Solaris machines.
I get the same problems compiling on Suns 2.7-2.9 in both 32 and 64 bit
machines. I tried gnuTLS v. 0.8.4 and 0.8.6.

Attached is the output of the make file, but the main idea is that
there are tons of unresolved symbols for libgnutls-extra.so.

Anyone have any ideas? Thanks a ton.

Micah Gates

-------------- next part --------------
A non-text attachment was scrubbed...
Name: make.log
Type: application/octet-stream
Size: 80935 bytes
Desc:
URL:
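
Added example, not part of any message in this thread: a small triage script for the gnutls-cli-debug report quoted in the 22 March reply, turning the yes/no probe lines into the weaknesses that reply points out (no TLS 1.0, export-grade ciphers only). The sample text is constructed from lines quoted in the thread, and the function names and triage rules are assumptions of this example, not gnutls behaviour.

```python
import re

# Constructed sample: a subset of the gnutls-cli-debug lines quoted in the thread.
SAMPLE = """\
Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... yes
Checking whether we need to disable TLS 1.0... yes
Checking for certificate information...
[...]
Checking for export-grade ciphersuite support... yes
Checking for anonymous Diffie Hellman prime size... N/A
Checking for AES cipher support... no
Checking for 3DES cipher support... no
Checking for ARCFOUR cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... no
"""

# "Checking for <probe>... <answer>" or "Checking whether <probe>... <answer>"
LINE = re.compile(r"^Checking (?:for |whether )?(.+?)\.\.\.\s*(\S.*)?$")

def parse(report):
    """Map each probe name to its answer; probes with no answer are skipped."""
    results = {}
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2):
            results[m.group(1)] = m.group(2).strip()
    return results

def findings(results):
    """Triage rules (assumptions of this example, not gnutls logic)."""
    def is_(probe, answer):
        return results.get(probe) == answer
    non_export = ("AES cipher support", "3DES cipher support", "ARCFOUR cipher support")
    out = []
    if is_("TLS 1.0 support", "no"):
        out.append("no TLS 1.0")
    if is_("we need to disable TLS 1.0", "yes"):
        out.append("client must not offer TLS 1.0")
    if is_("export-grade ciphersuite support", "yes") and all(is_(p, "no") for p in non_export):
        out.append("export-grade ciphers only")
    if is_("MD5 MAC support", "yes") and is_("SHA1 MAC support", "no"):
        out.append("MD5 is the only MAC")
    return out

if __name__ == "__main__":
    for finding in findings(parse(SAMPLE)):
        print("WEAK:", finding)
```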
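
Added example, not part of any message in this thread: a toy model of the retry-with-a-lower-version fallback described in the 23 March message about Mozilla, showing why it lets a capable server be pushed down to SSL 3.0 and how a fallback signal checked by the server closes that gap. No real TLS is spoken; the class and function names are assumptions of this example, and the signal models TLS_FALLBACK_SCSV from RFC 7507, which postdates the thread.

```python
# Versions as (major, minor) pairs, as they appear on the wire.
SSL3, TLS1_0 = (3, 0), (3, 1)
OFFERS = [TLS1_0, SSL3]  # TLS 1.0 + SSL 3.0 first, then plain SSL 3.0

class HandshakeFailure(Exception):
    pass

class Server:
    def __init__(self, versions, intolerant=False, checks_fallback=False):
        self.versions = set(versions)
        self.intolerant = intolerant            # rejects hellos above its own max
        self.checks_fallback = checks_fallback  # honours the fallback signal

    def hello(self, client_max, fallback_signal=False):
        server_max = max(self.versions)
        if self.intolerant and client_max > server_max:
            raise HandshakeFailure("handshake_failure (40)")
        if self.checks_fallback and fallback_signal and server_max > client_max:
            raise HandshakeFailure("inappropriate_fallback (86)")
        usable = [v for v in self.versions if v <= client_max]
        if not usable:
            raise HandshakeFailure("protocol_version (70)")
        return max(usable)

def connect(server, offers, interfere_first=False, send_signal=False):
    """Try each offered maximum version in turn, as the fallback client does.

    interfere_first models the first handshake being made to fail on the path.
    send_signal marks every retry as a fallback, as an RFC 7507 client would.
    Returns the negotiated version, or None if every attempt failed.
    """
    for attempt, client_max in enumerate(offers):
        if attempt == 0 and interfere_first:
            continue  # first handshake never completes
        try:
            signal = send_signal and attempt > 0
            return server.hello(client_max, fallback_signal=signal)
        except HandshakeFailure:
            continue
    return None

if __name__ == "__main__":
    legacy = Server([SSL3], intolerant=True)
    modern = Server([SSL3, TLS1_0])
    guarded = Server([SSL3, TLS1_0], checks_fallback=True)
    print("legacy, no fallback:  ", connect(legacy, [TLS1_0]))
    print("legacy, fallback:     ", connect(legacy, OFFERS))
    print("modern, interfered:   ", connect(modern, OFFERS, interfere_first=True))
    print("guarded, interfered:  ", connect(guarded, OFFERS, True, True))
```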