On 09/01/2012 01:42 AM, brian m. carlson wrote:
> I've recently moved my mail server to running postfix, and as a result,
> am now able to provide an EC key and certificate for TLS (the
> certificate is signed by my local RSA CA). However, when I try to
> connect to postfix either using gnutls-cli or mutt (linked against
> 3.0.22), gnutls provides the following error:
>
> *** Fatal error: An algorithm that is not enabled was negotiated.
>
> This seems odd to me, since OpenSSL is very happy to make the
> connection (as the client), and the algorithm that was negotiated is
> ECDHE_ECDSA_AES_128_GCM_SHA256, which I'm pretty sure both GnuTLS and
> OpenSSL support. It also is odd that the complaint doesn't happen until
> GnuTLS tries to verify the signature; shouldn't it die sooner if the
> server picks an algorithm that it doesn't support?

I've pushed a patch to make gnutls more tolerant of ECDSA violations.
Does this fix the issue for you?
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=5bd518deaab699d46164f9e82744f482f3dabde7

regards,
Nikos
