I also verified this against gnutls-2.12.11, as both client and server:

When using NULL cipher suites:
- The 3.0.5 client cannot talk to the 2.12.11 server
- The 2.12.11 client cannot talk to the 3.0.5 server.

-- Fabrice

On Thu, Nov 3, 2011 at 5:59 PM, Fabrice Gautier <[email protected]> wrote:
> Hi,
>
> I get decryption error when using NULL-MD5 or NULL-SHA1 cipher suites
> when using gnutls-serv, and connecting with an openssl client.
>
> Server is started that way:
>
> $ gnutls-serv --http --x509cafile x509-ca.pem --x509keyfile x509-server-key.pem --x509certfile x509-server.pem --priority "NORMAL:+ANON-DH:+NULL"
>
> The openssl s_client is started that way:
>
> $ openssl s_client -cipher NULL-SHA -connect localhost:5556
>
>
> This is what I get from the gnutls logs:
>
>
> * Accepted connection from IPv4 127.0.0.1 port 53650 on Thu Nov 3 17:23:51 2011
>
> * Successful handshake from IPv4 127.0.0.1 port 53650
> - Session ID: 26:C8:6A:7B:CE:F2:99:0B:19:1F:90:90:D8:58:73:60:99:BF:8D:DE:1B:7B:77:A2:80:54:65:11:D0:A8:5F:94
> - Certificate type: X.509
> - Could not verify certificate (err: The peer did not send any certificate.)
> - Version: TLS1.0
> - Key Exchange: RSA
> - Cipher: NULL
> - MAC: SHA1
> - Compression: NULL
> Error while receiving data
>
>
>
> From the openssl side I get an error as well:
>
> 140735311722940:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:479:
>
>
> I believe it worked fine when I was using gnutls-2.12. I used both
> openssl 0.9.8r and 1.0.0e for the client side.
>
>
> Any known issue there?
>
> -- Fabrice
>

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
