Startup troubles

Teddy Hogeborn teddy at recompile.se
Thu Jun 7 15:40:34 CEST 2012


Dick Middleton <dick at fouter.net> writes:

> What I have found is that your !VERS-TLS1.2 suggestion doesn't
> help. However when I use a key length of 1024 bits rather than 2048
> for the DSA keys it does work.

Very odd.  I would run gnutls-serv and gnutls-cli, both with the
"--debug 11" flag, save the output, and open a bug report to either the
Debian libgnutls package, or directly to the GnuTLS bug tracker.

(Also, I would recommend using RSA keys instead of DSA, as opposed to
decreasing the key length.)

> I have seen cautions about using long key lengths for DSA with TLS

Yes, but that's only because, allegedly, the TLS standard is vague about
what to do in that case.  When both sides use GnuTLS it should not be an
issue.

> but it puzzles me that it's only me having problems with the mandos
> default settings.

Me too.  It couldn't be your VIA C7 haunting us again, could it?

> Oh well, I think I'll give up there.  I'm not convinced it's a bug with
> gnutls, although I wouldn't rule it out, and mandos is working.

Since the problem can be reproduced using only gnutls-serv and
gnutls-cli, I'm leaning towards GnuTLS being the culprit here.

/Teddy Hogeborn

-- 
System administrator at Nordisk Media Utveckling AB
https://www.nmugroup.com/	tel:040-304770


More information about the Mandos-Dev mailing list