Re: [Help-gnutls] Connecting to news.mozilla.org:563?

[Nikos Mavroyanopoulos]

On Sat, Mar 22, 2003 at 05:32:39PM +0100, Simon Josefsson wrote:

> Any ideas on why news.mozilla.org doesn't work?
> address@hidden:~$ gnutls-cli -p 563  news.mozilla.org
> Resolving 'news.mozilla.org'...
> Connecting to '204.29.187.156:563'...
> *** Received alert [40]: Handshake failed
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.
> address@hidden:~$

I've run the gnutls-cli-debug in the server and I think that
this is a quite old/broken server (that only supports export grade
encryption). That server seems to work properly if he gets an 
SSL 2.0 client hello which gnutls does not send.

Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... yes
Checking for version rollback bug in RSA PMS... yes
Checking for version rollback bug in Client Hello... dunno
Checking whether we need to disable TLS 1.0... yes
Checking whether the server ignores the RSA PMS version... yes
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... no
Checking for certificate information...
[...] 
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... no
Checking for export-grade ciphersuite support... yes
Checking for anonymous authentication support... no
Checking for anonymous Diffie Hellman prime size... N/A
Checking for ephemeral Diffie Hellman support... no
Checking for ephemeral Diffie Hellman prime size... N/A
Checking for AES cipher support... no
Checking for 3DES cipher support... no
Checking for ARCFOUR cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... no
Checking for max record size (TLS extension)... no
Checking for SRP authentication support (TLS extension)... no
Checking for OpenPGP authentication support (TLS extension)... no

-- 
Nikos Mavroyanopoulos