[Help-gnutls] Re: TLS

Simon Josefsson simon at josefsson.org
Wed Feb 21 11:34:47 CET 2007


dellanna at csp.it writes:

> Hi all,
> I don't know if my email was delivered correctly and I rewrite my problem.
> I tried to install gnutls-cli 1.7.6 version on a Windows machine... this operation
> was completed successfully.
> But
> 1. I run ex-serv-pgp on an Ubuntu machine. The application works correctly because
> it returns:
>
> Echo Server ready. Listening to port '5556'.

Did you read the source of the example?  You need to have an OpenPGP
private key and public key in the appropriate files.  Otherwise, the
server will have no credentials, and clients won't be able to talk to
it.

> 2. When I run on a Windows machine (on the same LAN) gnutls-cli --port 5556
> hostname_OF_Linux_Machine it returns the following output:
> Resolving "hostname"
> Connecting to '194.116.9.92:5556'
> ***Fatal error: A TLS packet with unexpected length was received.
> Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected lenght was received.
>
> 3. On server side (Linux Machine with ex-serv-pgp running) the output is:
>
> -connection from 194.116.9.26, port 2638
> *** Handshake has failed (Could not negotiate a supported cipher suite.)

This seems to be consistent with missing credentials.

> 4. If I run on a Windows machine gnutls-cli-debug --port 5556
> hostname_OF_Linux_Machine it returns the following output:
> Resolving "hostname"
> Connecting to '194.116.9.92:5556'
> Checking for TLS 1.1 support ...no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.0 support ...no
> Checking for SSL 3.0 support ...no
> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
> Can someone help me?
>
> This error occurs in all examples used in the gnutls manual.
> This is very strange because the examples use TLS, isn't it?

Yes, but if gnutls-cli-debug fails to handshake with the server, it
will report that the server doesn't support TLS at all.  This happens
when the server doesn't have any credentials and doesn't support
anonymous key exchanges.

I agree that the output of gnutls-cli-debug is confusing here.  I have
added a TODO item:

- Make gnutls-cli-debug exit with better error messages if the
  handshake fails, rather than saying that the server doesn't support
  TLS.

/Simon




