
Re: gnutls error



At Sun, 07 Oct 2012 22:44:53 +0100,
Francesco Mazzoli wrote:
>
> At Sun, 07 Oct 2012 19:41:17 +0200,
> David Maus wrote:
> > You could try to connect to the server on the command line and use
> > GnuTLS with the `--verbose' option.
> >
> > E.g.
> >
> > gnutls-cli --verbose --port PORT --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt HOST
> >
> > And check the verbose program output.
>
> Right, thanks for the suggestion.
>
> What I get:
>
>     $ gnutls-cli --verbose --port <port> --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt <host>
>     Processed 152 CA certificate(s).
>     Resolving 'smtp.rabbitmq.com'...
>     Connecting to '<host_address>'...
>     |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
>     |<1>| Received record packet of unknown type 50
>     *** Fatal error: An unexpected TLS packet was received.
>     No certificates found!

I remember having a problem with GnuTLS and a remote server with a
Diffie-Hellman key of only 512 bit length some time ago. IIRC back
then GnuTLS did not support DH keys with such a short length and I got
the problem fixed by sending a polite mail to the mail server
administrator who fixed the issue in no time.

The second message (unknown type 50) sounds interesting, too. Sadly a
quick google for the error message only finds this thread on gmane.

Best,
  -- David
--
OpenPGP... 0x99ADB83B5A4478E6
Jabber.... dmjena@jabber.org
Email..... dmaus@ictsoc.de
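
An added example, not part of the original message: a TLS client reports the first byte of whatever it receives as the record type, and decimal 50 is the ASCII digit '2', which is how a text reply line such as an SMTP "220" greeting begins. That the server in this thread answered in plaintext is an assumption the thread does not confirm; the function name and the sample byte strings below are constructed for illustration.

```python
import re

# TLS record content types (RFC 5246 section 6.2.1; heartbeat is RFC 6520).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                     23: "application_data", 24: "heartbeat"}

def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes received on a port assumed to speak TLS."""
    if len(data) < 5:
        return {"kind": "short", "detail": "fewer than 5 bytes, no record header"}
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    # A TLS record header is: type (1 byte), version (2 bytes), length (2 bytes).
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4:
        return {"kind": "tls", "record_type": ctype,
                "detail": f"{TLS_CONTENT_TYPES[ctype]} record, {length} byte payload"}
    # Anything else is not TLS, but a TLS parser still reports byte 0 as the type.
    first_line = data.split(b"\r\n", 1)[0]
    reply = re.match(rb"(\d{3})[ -]", first_line)
    if reply:
        return {"kind": "plaintext-reply", "record_type": ctype,
                "code": int(reply.group(1)),
                "detail": f"text reply {first_line[:40]!r}; byte 0 is {chr(ctype)!r}"}
    return {"kind": "unknown", "record_type": ctype,
            "detail": f"byte 0 = {ctype} is not a TLS content type"}

# Constructed sample inputs (not captured from the server in this thread).
SAMPLES = {
    "smtp greeting": b"220 mail.example.test ESMTP ready\r\n",
    "tls alert": bytes([21, 3, 3, 0, 2, 2, 40]),
    "tls handshake": bytes([22, 3, 3, 0, 74]) + b"\x02" * 74,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {classify_first_bytes(raw)}")
```

A "plaintext-reply" result with record_type 50 means the port is answering in cleartext first, so the TLS handshake has to be negotiated in-band rather than started immediately on connect.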
