[Help-gnutls] gnutls-serv command line problem

[joseph . ng]

Hi 

I am new to GnuTLS. On my PC I have installed Window GnuTLS 2.2.1.

When I issue the following command: 

G:\my_server>gnutls-serv --http --x509fmtder --x509cafile IM-11-cert.der
--x509certfile EU-0-cert.der --x509keyfile EU-0-key.txt -g --comp NULL
--protocols TLS1.0 SSL3.0 -a --kx RSA 

I got: 

This method of specifying algorithms is deprecated. Please use the --priority
option. 

Q1. I have tried a number of things but couldn't figure out what's wrong
with the command line. Could you please tell me what is deprecated?


Started up the server with the above command, I then try to start a client
with: 

G:\my_client>gnutls-cli -p 5556 localhost --crlf

and I got the following from the server: 

..... 
|<2>| ASSERT: ../../../src/gnutls-2.2.1/lib/gnutls_x509.c:1087
|<3>| HSK[a32570]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[a32570]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[a32570]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[a32570]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[a32570]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[a32570]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[a32570]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<2>| ASSERT: ../../../src/gnutls-2.2.1/lib/gnutls_handshake.c:704
|<2>| ASSERT: ../../../src/gnutls-2.2.1/lib/gnutls_handshake.c:462
|<2>| ASSERT: ../../../src/gnutls-2.2.1/lib/gnutls_handshake.c:2014
|<2>| ASSERT: ../../../src/gnutls-2.2.1/lib/gnutls_handshake.c:2542
|<6>| BUF[HSK]: Cleared Data from buffer
Error in handshake 
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed
|<4>| REC[a32570]: Sending Packet[0] Alert(21) with length: 2
.... 

and the following from the client: 

... 
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed 
*** Handshake has failed 
GNUTLS ERROR: A TLS fatal alert has been received.
... 

Q2. I thought it would finished with TLS_RSA_AES_128_CBC_SHA1 (0x00, 0x2f),
but it didn't. Could you please tell me what's gone wrong with that? 


Thank you very much in anticipation. 


Regards, 
---------------
Joseph Ng

Discover tomorrow's technology on today's phones... Visit the Symbian Stand, 8A77, Hall 8, at Mobile World Congress 2008, 11-14 February, Barcelona, Spain

---

**********************************************************************
Symbian Software Ltd is a company registered in England and Wales with registered number 4190020 and registered office at 2-6 Boundary Row, Southwark, London,  SE1 8HP, UK. This message is intended only for use by the named addressee and may contain privileged and/or confidential information. If you are not the named addressee you should not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify address@hidden and delete the message and any attachments accompanying it immediately. Neither Symbian nor any of its Affiliates accepts liability for any corruption, interception, amendment, tampering or viruses occurring to this message in transit or for any message sent by its employees which is not in compliance with Symbian corporate policy. 
**********************************************************************