[Help-gnutls] GNUTLS ERROR: A TLS fatal alert has been received.
Lennart Koopmann
2008-07-05 18:11:05 UTC
Hello everyone,

I installed GNUTLS version 2.5.1 by hand because the one from the
Fedora repository is too old.
When I try to connect anonymously to a "gnutls-server --http" my client
returns:

*** Handshake failed
GNUTLS ERROR: A TLS fatal alert has been received.

The server says:

Error in handshake
Error: Could not negotiate a supported cipher suite.

Could you please help me with that? I don't really know how to proceed
now. I can upload the source code of my test program if you want. It's
mostly a copy & paste from the documentation. (7.3.1 Simple Client
Example with Anonymous Authentication)

[***@sundaysister Debug]$ ldd GNUTLSTest
[...]
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00111000)
[...]

Thank you all!

So long
Lennart

--
FSF Member #5673
Nikos Mavrogiannopoulos
2008-07-06 08:50:49 UTC
For debugging you can use the -d 4 (or higher) option to gnutls-serv and
see in detail what the reason for the failure was. In your own program you
can use gnutls_global_set_log_function and gnutls_global_set_log_level.

regards,
Nikos
Nikos Mavrogiannopoulos
2008-07-06 09:02:09 UTC
But probably what you need is to run gnutls-serv with the option
--priority "NORMAL:+ANON-DH". To see other possibilities use
gnutls-serv -l.

regards,
Nikos
Lennart Koopmann
2008-07-06 14:48:06 UTC
Thank you again, Nikos! :)

The --priority "NORMAL:+ANON-DH" allows a connection with my anonymous
test client!

* connection from ::ffff:127.0.0.1, port 43292
- Anonymous Diffie-Hellman parameters
- Using prime: 1032 bits
- Secret key: 1023 bits
- Peer's public key: 1024 bits
- Version: TLS1.1
- Key Exchange: ANON-DH
- Cipher: CAMELLIA-256-CBC
- MAC: SHA1
- Compression: NULL

Best regards
Lennart
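
The failure and the fix discussed in this thread, as a simplified model added here for illustration (not GnuTLS code and not from either poster). The contents of `BASE_KX`, the client string `NONE:+ANON-DH` (a stand-in for a client that holds only anonymous credentials) and all function names are assumptions.

```python
# Simplified model of key-exchange negotiation under GnuTLS-style priority
# strings. The base sets below are assumptions for illustration, not values
# read from the GnuTLS source.
BASE_KX = {
    "NONE": [],
    "NORMAL": ["DHE-RSA", "DHE-DSS", "RSA"],  # assumed: no anonymous kx
}
UNAUTHENTICATED_KX = {"ANON-DH"}  # anonymous DH: neither peer proves identity


def enabled_kx(priority):
    """Expand 'KEYWORD:+KX:-KX' into an ordered list of key exchanges."""
    keyword, *modifiers = priority.split(":")
    if keyword not in BASE_KX:
        raise ValueError(f"keyword not modelled: {keyword!r}")
    kx = list(BASE_KX[keyword])
    for mod in modifiers:
        op, name = mod[:1], mod[1:]
        if op not in ("+", "-", "!") or not name:
            raise ValueError(f"bad modifier: {mod!r}")
        if op == "+":
            if name not in kx:
                kx.append(name)
        elif name in kx:  # "-" and "!" both remove an entry
            kx.remove(name)
    return kx


def negotiate(client_priority, server_priority):
    """Return the first client-offered kx the server enables, else None.

    None corresponds to the server's "Could not negotiate a supported
    cipher suite" and the fatal alert the client then receives.
    """
    server = set(enabled_kx(server_priority))
    for kx in enabled_kx(client_priority):
        if kx in server:
            return kx
    return None


def report(client_priority, server_priority):
    """Summarise the outcome and whether the chosen kx authenticates peers."""
    kx = negotiate(client_priority, server_priority)
    if kx is None:
        return "handshake fails: no common key exchange"
    auth = "unauthenticated" if kx in UNAUTHENTICATED_KX else "authenticated"
    return f"handshake ok: {kx} ({auth})"


if __name__ == "__main__":
    client = "NONE:+ANON-DH"  # constructed: anonymous-only client
    for server in ("NORMAL", "NORMAL:+ANON-DH"):
        print(f"{server:18} -> {report(client, server)}")
```
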