Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
Simon Josefsson
simon at josefsson.org
Wed Feb 17 15:46:27 CET 2010
Michael Meyer <mime at gmx.de> writes:
> *** Simon Josefsson <simon at josefsson.org> wrote:
>> Michael Meyer <mime at gmx.de> writes:
>
>> >> Michael can you try that? Also try %SSL3_RECORD_VERSION.
>> >
>> > gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
>> >
>> > That's it. It works. http://pastebin.com/m357f13b2
>>
>> Do you need all of them?
>
> Yes.
>
>> Try removing each of them until it breaks, and
>> until you have tried removing all items.
>
> I did. ;) If even one option is away, it no longer works.
Wow. Then it is the most broken TLS server I've heard of so far. I
wonder what TLS stack that is...
>> > Any hints how to make this work also with C-code? :) One of our
>> > C-Developers ask me that. We are looking for the best way to
>> > *always* get a connection in C? Even if there is something
>> > "strange" on the remote side.
>>
>> Call something like this:
>>
>> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);
>>
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init
>
> Ok. I'll pass the information to our C-developers. It seems that we
> need some deeper knowledge about GnuTLS in our project (http://openvas.org).
> Anybody interested to help? ;)
I'll certainly try to help by answering questions. Anything in
particular you need help with?
/Simon
More information about the Gnutls-help
mailing list