Installing 1.8.9 TLS error
Jesse Norell
jesse at kci.net
Mon Nov 11 21:32:52 CET 2019
On Mon, 2019-11-11 at 18:16 +0000, Dick Middleton wrote:
> Hi,
>
> I'm just updating my workstation to Debian Buster. I've
> installed mandos
> 1.8.9. My mandos server however is still running 1.7.1 and when I
> try testing
> mandos-client the server reports a (dreaded) TLS error:
>
> Mandos [26951]: WARNING: Handshake failed: The TLS connection was
> non-properly
> terminated.
>
> Is it possible to work with this combination of versions?
No, you'll need a 1.8 server with newer gnutls (eg. a server running
buster) to support buster clients. See
https://mail.recompile.se/pipermail/mandos-dev/2019-February/000391.html
> Is this a known problem?
>
> Any suggestions?
We upgrading, we had 2 < buster servers, and all < buster clients. I
first upgraded one server to buster, then started upgrading clients one
by one, and finally upgrade the other server. When a client is
upgraded to buster, part of the mandos-client package update will
generate a new tls keypair, and you need to add the key_id line for
that client to the clients.conf on your server(s) (refer to above
release announcement).
--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
More information about the Mandos-Dev
mailing list