Startup troubles

Dick Middleton dick at fouter.net
Tue Jun 5 22:07:21 CEST 2012


On 06/05/12 18:24, Teddy Hogeborn wrote:

Thanks for your answers.  I can see that the only significant problem is gnutls.

>> I tried generating RSA keys instead of the default DSA keys and it
>> works now.
> 
> Right.  That definitely points to GnuTLS having problems.  Can the
> gnutls-cli command connect to a running gnutls-serv?  Does gnutls-serv
> handle the --priority "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP" option?

I can't get these utilities to talk.  That is almost certainly because I have
no idea what I'm doing :-(

gnutls-serv accepts the --priority option without complaint.  Is that the only
option I need?

On the client side I'm just passing the mandos key files:

 --pgpcertfile /etc/keys/mandos/pubkey.txt
 --pgpkeyfile /etc/keys/mandos/seckey.txt

but they don't complete the handshake:

 Error: Could not negotiate a supported cipher suite

I'm guessing I need to set other options to do this.

> If not - then this is a GnuTLS problem, not ours.

> Might you have altered the priority string of the Mandos server in
> mandos.conf?

No.  It's commented out.


Another question.  What happens after timeout expires (client disappears)?
Does the server just disable the client, i.e. can it be re-enabled with mandos-cli?

I'm using this on a workstation rather than a server so it disappears often for
indefinite periods.  Can the timeout/checking be disabled?

Dick


