[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Need help debugging pan + gnutls-3.x.x
|
From: |
walt |
|
Subject: |
Re: [Pan-users] Need help debugging pan + gnutls-3.x.x |
|
Date: |
Thu, 13 Dec 2012 16:11:11 -0800 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20121128 Thunderbird/18.0 |
Duncan: I posted this reply on 12-11 but AFAICT it never reached the mailing
list, so this is my second try--with fingers crossed:
On 12/11/2012 02:45 AM, Duncan wrote:
The broken/working/broken bit MAY be the NSP's server, serving different
>certs depending on what front-end you connect to.
I still think that may be it...
Aha! Good guess :) I'm not yet certain how many different keys I may be
getting from the same IP address (it's always the same address) but there
are at least two -- the broken one is RSA512 (weak) and the working one is
RSA1024.
Mind you, gnutls-2.x.x accepts both of those keys without problem, so
gnutls-3 must be doing something different with the 512-bit key. I'm
still struggling with pan's gnutls code, so I don't know yet if pan is
asking gnutls to report on the cipher strength. Now that I understand
what's happening I may be able to find the relevant piece of pan's code
and puzzle it out.
Thanks, as always, for being a good observer :)