help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: SMTP TLS & Thunderbird

From: Simon Josefsson
Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird
Date: Wed, 07 Feb 2007 07:35:40 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) 
David Given <address@hidden> writes:

> I'm trying to use GNUTLS to implement TLS functionality on an SMTP daemon I've
> got. It's nearly working really well; the example in 7.4.5 was really useful.
>
> I've implemented the code in the server to do the TLS handshake, and
> everything works fine when I connect to it with gnutls-cli. Unfortunately,
> when I try it with real data, using Thunderbird, it doesn't work. Handshake
> fails with "Could not negotiate a supported cipher suite."
>
> Thunderbird appears to be using OpenSSL. GNUTLS *does* work with OpenSSL,
> right? If so, can anyone offer any suggestions as to what might be going on,
> and how to fix it?
>
> This is with GNUTLS 1.4.0-3ubuntu1 on Ubuntu Edgy Eft and Thunderbird 1.5.0.9.

That error happens if the server doesn't offer a ciphersuite that the
client can accept.  Often this is caused by missing X.509 CA and/or
server certificate.  Check with 'gnutls-cli' what key exchange is
negotiated.  If it is ANON, most clients will refuse to talk to you.

Btw, example 7.4.5 is for anonymous authentication, try 7.4.1 instead.
It is easy to change things, just add a X.509 credential and assign it
to the session.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]