gnutls-devel

Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC


From: Nikos Mavrogiannopoulos
Subject: Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher
Date: Sat, 31 Mar 2012 19:32:16 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16

On 03/30/2012 02:02 PM, Ted Zlatanov wrote:

> On Thu, 29 Mar 2012 20:22:31 -0400 Thomas Fitzsimmons <address@hidden> wrote: 
> 
> TF> Emacs allows overriding the default GnuTLS priority string using a
> TF> variable (gnutls-algorithm-priority) so I set it to "performance" to
> TF> work around this server-side issue.  In cases where Emacs would
> TF> otherwise fail to connect to a server because of a weak ciphersuite
> TF> maybe the UI should warn the user and ask them whether or not to
> TF> proceed.  Anyway, thanks for analyzing the logs.
>
> I don't think currently Emacs can distinguish this case from a normal
> negotiation failure.  The best we can do is to generally suggest a
> weaker priority string, which seems to be a bad idea.  Is there a way to
> determine that this case has occurred?


You cannot in general distinguish a negotiation with a broken server and
negotiation failure. What (I think) browsers do is if negotiation fails
they fall back to the most compatible mode (SSL 3.0 or so).

regards,
Nikos


