[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls error



At Sun, 07 Oct 2012 19:41:17 +0200,
David Maus wrote:
> You could try to connect to the server on the command line and use
> GnuTLS with the `--verbose' option.
> 
> E.g.
> 
> gnutls-cli --verbose --port PORT --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt HOST
> 
> And check the verbose program output.

Right, thanks for the suggestion.

What I get:

    $ gnutls-cli --verbose --port <port> --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt <host>
    Processed 152 CA certificate(s).
    Resolving 'smtp.rabbitmq.com'...
    Connecting to '<host_address>'...
    |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
    |<1>| Received record packet of unknown type 50
    *** Fatal error: An unexpected TLS packet was received.
    No certificates found!
    *** Handshake has failed
    GnuTLS error: An unexpected TLS packet was received.

Which is quite cryptic.

On the other hand, this

    openssl s_client -starttls smtp -crlf -connect <host>

succeeds.  So maybe openssl would work.  But I remember it not working for an
IMAP server...

--
Francesco * Often in error, never in doubt