Startup troubles
Dick Middleton
dick at fouter.net
Tue Jun 5 22:07:21 CEST 2012
On 06/05/12 18:24, Teddy Hogeborn wrote:
Thanks for your answers. I can see that the only significant problem is gnutls.
>> I tried generating RSA keys instead of the default DSA keys and it
>> works now.
>
> Right. That definitely points to GnuTLS having problems. Can the
> gnutls-cli command connect to a running gnutls-serv? Does gnutls-serv
> handle the --priority "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP" option?

I can't get these utilities to talk. That is almost certainly because I have
no idea what I'm doing :-(

gnutls-serv accepts the --priority option without complaint. Is that the only
option I need?

On the client side I'm just passing the mandos key files:

    --pgpcertfile /etc/keys/mandos/pubkey.txt
    --pgpkeyfile /etc/keys/mandos/seckey.txt

but they don't complete the handshake.

    Error: Could not negotiate a supported cipher suite

I'm guessing I need to set other options to do this.

> If not - then this is a GnuTLS problem, not ours.
> Might you have altered the priority string of the Mandos server in
> mandos.conf?

No. It's commented out.

Another question. What happens after the timeout expires (client disappears)?
Does the server just disable the client, i.e. can it be re-enabled with mandos-cli?

I'm using this on a workstation rather than a server, so it disappears often for
indefinite periods. Can the timeout/checking be disabled?

Dick