gnutls-devel

Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC


From: Nikos Mavrogiannopoulos
Subject: Re: gnutls-cli fails to handshake with Exchange server that uses DES-CBC3-SHA cipher
Date: Mon, 2 Apr 2012 17:46:30 +0200

2012/4/2 Ted Zlatanov <address@hidden>:

> NM> You cannot in general distinguish a negotiation with a broken server and
> NM> negotiation failure. What (I think) browsers do is if negotiation fails
> NM> they fall back to the most compatible mode (SSL 3.0 or so).
> So you're suggesting to try a weaker (more compatible) priority string,
> right?  We could do that per server name.  Considering we have just one
> bug report on this and from a broken server, I'm not sure it's worth the
> effort to automate the fallback.  In your experience, is this a
> widespread problem worth addressing through code, or is it better as a
> FAQ?

Experience has shown that there are quite a few broken servers [0]
out there, so we'd encourage applications to have a fallback strategy.
Whether that would include manual intervention of the user or not is not
as important.

regards,
Nikos

[0]. http://tools.ietf.org/id/draft-pettersen-tls-interop-experience-00.txt


