[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher |
Date: |
Sat, 31 Mar 2012 19:32:16 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16 |
On 03/30/2012 02:02 PM, Ted Zlatanov wrote:
> On Thu, 29 Mar 2012 20:22:31 -0400 Thomas Fitzsimmons <address@hidden> wrote:
>
> TF> Emacs allows overriding the default GnuTLS priority string using a
> TF> variable (gnutls-algorithm-priority) so I set it to "performance" to
> TF> work around this server-side issue. In cases where Emacs would
> TF> otherwise fail to connect to a server because of a weak ciphersuite
> TF> maybe the UI should warn the user and ask them whether or not to
> TF> proceed. Anyway, thanks for analyzing the logs.
> I don't think currently Emacs can distinguish this case from a normal
> negotiation failure. The best we can do is to generally suggest a
> weaker priority string, which seems to be a bad idea. Is there a way to
> determine that this case has occurred?
You cannot in general distinguish a negotiation with a broken server and
negotiation failure. What (I think) browsers do is if negotiation fails
they fallback to the most compatible mode (SSL 3.0 or so).
regards,
Nikos