gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[sr #107532] gnutls-cli-debug [incorrecttly] reports SRP support for Win

From: Jeffrey Walton
Subject: [sr #107532] gnutls-cli-debug [incorrecttly] reports SRP support for Windows Server 2003/IIS 6.0
Date: Mon, 22 Nov 2010 08:07:28 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12 
URL:
  <http://savannah.gnu.org/support/?107532>

                 Summary: gnutls-cli-debug [incorrecttly] reports SRP support
for Windows Server 2003/IIS 6.0
                 Project: GnuTLS
            Submitted by: noloader
            Submitted on: Mon 22 Nov 2010 08:07:27 AM GMT
                Category: None
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

I believe "Checking for SRP authentication support (TLS extension)... yes' is
incorrect. The actual target of the probe was redacted below.

$ gnutls-cli-debug -p 443 www.example.com
Resolving 'www.example.com'...
Connecting to 'www.xxx.yyy.zzz:443'...
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... TLS 1.0
Checking for TLS 1.0 support... yes
Checking for SSL 3.0 support... yes
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether we need to disable TLS 1.0... N/A
Checking whether the server ignores the RSA PMS version... yes
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec...
yes
Checking whether the server can accept a bogus TLS record version in the
client hello... yes
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... yes
Checking for export-grade ciphersuite support... yes
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... no
Checking ephemeral Diffie-Hellman group info... N/A
Checking for AES cipher support (TLS extension)... no
Checking for CAMELLIA cipher support (TLS extension)... no
Checking for 3DES cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... yes
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... yes
Checking for LZO compression support (GnuTLS extension)... no
Checking for max record size (TLS extension)... no
Checking for SRP authentication support (TLS extension)... yes
Checking for OpenPGP authentication support (TLS extension)... no





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107532>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]