Debugging connection failure (GnuTLS TLS alert)?
darkrain42 at pidgin.im
Fri Mar 26 13:58:58 EDT 2010
On 2010-03-26 10:15, Sebastian Kayser wrote:
> Sure. Full output can be found on . Here's the output excluding the
> longish certificate information.
> Resolving 'xmpp.company.com'...
> Connecting to 'x.x.x.x:5223'...
> Checking for TLS 1.1 support... no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.0 support... no
> Checking for SSL 3.0 support... yes
> Checking for HTTPS server name... failed
> Checking for version rollback bug in RSA PMS... yes
> Checking for version rollback bug in Client Hello... N/A
> Checking whether we need to disable TLS 1.0... yes
This is probably the issue.
We don't disable TLS 1.0 support (IOW, it's enabled by default), and the
server's SSL library appears antiquated (side note: what software is it
running and, if you know, what SSL library/version?) We also don't have
a mechanism to allow users to disable TLS 1.0 (either per-connection or
Just to make sure (I can't remember what exactly current versions of
GnuTLS send by default), could you get a packet capture of an attempt to
connect? This will contain the identifying information about your
domain, so if you're willing to do this, you can send it directly to me.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 897 bytes
Desc: OpenPGP digital signature
More information about the Support