On Wed, Dec 26, 2012 at 3:05 PM, Darko K. <[email protected]> wrote: > Hi all, > > let me start with a bit of a background regarding the problem I am > facing. ISP started enforcing SMTP authentication recently and of > course I want to use the encrypted channel for sending my password > over the line. Mail user agent of my choice (Claws Mail) uses GnuTLS for > encrypted communication. So I thought it would be as simple as enabling > SMTP authentication and SSL but it turned out it does not work, I > always get SSL handshake failed error. > > ISP's technical support stated that their server does not support TLS > 1.1 nor TLS 1.2 so I thought I just need to set a correct priority > string. I am using GnuTLS versions 3.0.20 and 3.1.5 for my experiments. > I have attached the output of gnutls-cli-debug when connecting to the > server in question.
Hello, This is quite an understatement. Your ISP's server breaks if the client supports TLS 1.1 or TLS 1.2, and any other cipher than ARCFOUR. If it wouldn't support them it would just negotiate an earlier version of the protocol. Try: NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128:%COMPAT regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
