At Sun, 07 Oct 2012 22:44:53 +0100, Francesco Mazzoli wrote: > > At Sun, 07 Oct 2012 19:41:17 +0200, > David Maus wrote: > > You could try to connect to the server on the command line and use > > GnuTLS with the `--verbose' option. > > > > E.g. > > > > gnutls-cli --verbose --port PORT --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt HOST > > > > And check the verbose program output. > > Right, thanks for the suggestion. > > What I get: > > $ gnutls-cli --verbose --port <port> --insecure --x509cafile /etc/ssl/certs/ca-certificates.crt <host> > Processed 152 CA certificate(s). > Resolving 'smtp.rabbitmq.com'... > Connecting to '<host_address>'... > |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data > |<1>| Received record packet of unknown type 50 > *** Fatal error: An unexpected TLS packet was received. > No certificates found! I remember to have a problem with GnuTLS and a remote server with a Diffie-Hellman key of only 512 bit lenght some time ago. IIRC back then GnuTLS did not support DH keys with such a short length and I got the problem fixed by sending a polite mail to the mail server administrator who fixed the issue in no time. The second message (unknown type 50) sounds interesting, too. Sadly a quick google for the error message only finds this thread on gmane. Best, -- David -- OpenPGP... 0x99ADB83B5A4478E6 Jabber.... dmjena@jabber.org Email..... dmaus@ictsoc.de
Attachment:
pgpr2TbpOUdpu.pgp
Description: OpenPGP Digital Signature