Client / Server communication issues

Teddy Hogeborn teddy at recompile.se
Sat Jan 18 00:41:07 CET 2014


"Nathanael D. Noblet" <nathanael at gnat.ca> writes:

>   #1 - It seems the mandos client never stops trying to communicate
> with a server. There seem to be only two ways for the client to end
> communications - receiving a SIGTERM or getting the password. It would
> seem good if we could ask the client to cease communicating after a
> certain number of attempts. The current dracut crypt module passes a
> number of tries for both the plymouth and consoles. One thing to note:
> this applies more to the long-term servers like CentOS and friends. As
> such I've created a patch as a proof of concept. I actually haven't
> tested it because I'm getting stuck on the issue below. However, for
> dracut it might be nice to die after a configurable number of tries.

I could easily implement that; what is the normal command line switch
for this?

>   #2 - I seem to have TLS handshake issues depending on what
> client/server is being used. Originally I thought I had everything
> fixed by removing some of the lines in the default priority on the
> server so that it was only SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP. This
> seemed to allow an Ubuntu client to talk to a Fedora server. The same
> server has a handshake issue when a CentOS client tries talking to
> it. The client is running 1.6.2. Oddly enough, that very same client
> can successfully talk to a CentOS server. Everything is running 1.6.2
> except for Ubuntu, which has 1.6.0.
>
> Server          Ubuntu(1.6.0)   CentOS(1.6.2)
> F20(1.6.2)      Yes             No
> CentOS(1.6.2)   Yes             Yes

Those are entirely GnuTLS-related; we have very little hope of fixing
these.  You could verify this by reproducing the problem entirely with
GnuTLS-internal tools gnutls-cli and gnutls-serv.  (Note that gnutls-cli
should be run on the Mandos *server* and gnutls-serv on the Mandos
*client*.)

/Teddy Hogeborn

-- 
The Mandos Project
http://www.recompile.se/mandos