Alexander Barton wrote...
»We proudly present … ngIRCd 21!«
... and there's a problem in s2s connections using GnuTLS. Handshake fails with
Target: | SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake].
and subsequently
initiator: | SSL error: A TLS packet with unexpected length was received. [gnutls_handshake].
As far as I understand the code and captured traffic, setting the cipher list using gnutls_priority_set in ConnSSL_Init_SSL has no effect. The ciphers offered in the TLS "Client Hello" packet are weak and apparently it's too late for cipher negotiation.
Workarounds:
* Disable "SSLConnect". Know the drawbacks.
* Lower the cipher strength by e.g. "CipherList = EXPORT". Probably even worse.
* Re-compile using OpenSSL.
Christoph
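
Added example (not part of the original message and not ngIRCd code): a small C parser that lists the cipher suites offered in a captured TLS "Client Hello" record and marks export-grade ones, which is a way to confirm from a capture whether a configured cipher list reached the wire. The function names and the sample record are constructed for illustration, and the parser assumes the whole ClientHello sits in one TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Export-grade (40-bit) suite IDs defined in RFC 2246. */
static int is_export_suite(uint16_t id) {
    static const uint16_t ids[] = { 0x0003, 0x0006, 0x0008, 0x000B, 0x000E,
                                    0x0011, 0x0014, 0x0017, 0x0019 };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        if (ids[i] == id) return 1;
    return 0;
}

/* Extract the cipher suites offered in a TLS ClientHello record.
 * Returns the number of suites written to out, or -1 if malformed. */
static int client_hello_suites(const uint8_t *p, size_t len, uint16_t *out, size_t max) {
    if (len < 9 || p[0] != 0x16 || p[5] != 0x01) return -1; /* handshake, ClientHello */
    size_t rec_len = (size_t)p[3] << 8 | p[4];
    size_t hs_len = (size_t)p[6] << 16 | (size_t)p[7] << 8 | p[8];
    if (rec_len + 5 > len || hs_len + 4 > rec_len) return -1;
    size_t end = 9 + hs_len, off = 9 + 2 + 32;   /* skip client_version and random */
    if (off + 1 > end) return -1;
    off += 1 + p[off];                           /* skip session_id */
    if (off + 2 > end) return -1;
    size_t cs_len = (size_t)p[off] << 8 | p[off + 1];
    off += 2;
    if (cs_len % 2 || off + cs_len > end) return -1;
    size_t n = 0;
    for (size_t i = 0; i < cs_len && n < max; i += 2)
        out[n++] = (uint16_t)(p[off + i] << 8 | p[off + i + 1]);
    return (int)n;
}

/* Constructed sample: TLS 1.0 ClientHello, zeroed random, four offered suites. */
static const uint8_t sample_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x33,  0x01, 0x00, 0x00, 0x2f,  0x03, 0x01,
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
    0x00,  0x00, 0x08,  0x00, 0x03,  0x00, 0x08,  0x00, 0x14,  0x00, 0x2f,
    0x01, 0x00
};

int main(void) {
    uint16_t s[64];
    int n = client_hello_suites(sample_hello, sizeof sample_hello, s, 64);
    for (int i = 0; i < n; i++)
        printf("0x%04x%s\n", s[i], is_export_suite(s[i]) ? "  export-grade" : "");
    return n < 0;
}
```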