On 2010-03-26 10:15, Sebastian Kayser wrote: > Sure. Full output can be found on [1]. Here's the output excluding the > longish certificate information. > > Resolving 'xmpp.company.com'... > Connecting to 'x.x.x.x:5223'... > Checking for TLS 1.1 support... no > Checking fallback from TLS 1.1 to... failed > Checking for TLS 1.0 support... no > Checking for SSL 3.0 support... yes > Checking for HTTPS server name... failed > Checking for version rollback bug in RSA PMS... yes > Checking for version rollback bug in Client Hello... N/A > Checking whether we need to disable TLS 1.0... yes
This is probably the issue. We don't disable TLS 1.0 support (IOW, it's enabled by default), and the server's SSL library appears antiquated (side note: what software is it running and, if you know, what SSL library/version?) We also don't have a mechanism to allow users to disable TLS 1.0 (either per-connection or globally). Just to make sure (I can't remember what exactly current versions of GnuTLS send by default), could you get a packet capture of an attempt to connect? This will contain the identifying information about your domain, so if you're willing to do this, you can send it directly to me. ~P
signature.asc
Description: OpenPGP digital signature
_______________________________________________ [email protected] mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
