Nicolas Leclercq wrote...
Clients can connect to both nodes with SSL enabled (tested with irssi or znc), but the 2 servers do not want to talk together: SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake]
Package versions:
libgnutls26 2.12.23-1ubuntu1.1
This is a bug in gnutls, I recently ran into that one, too: http://arthur.barton.de/pipermail/ngircd-ml/2013-November/000682.html
There's a Debian bug report about it: http://bugs.debian.org/708174. No such thing in Ubuntu AFAICS, or Launchpad hates me.
Unfortunately, the gnutls sources aren't very friendly for some bisecting to identify the fix and backport it if possible. So, you'll have to work around it.
Your options (read: Pick just one):
* Configure CipherList manually, either by lowering (potential security breach) to "NORMAL" or even "EXPORT", or increasing to SECURE256. I'd try the latter first unless some clients cannot deal with it: This setting affects both client connect and server interconnect.
* Re-compile ngircd with OpenSSL linkage.
* Re-compile and patch the s2s connecting code to use a different cipher selection. Um, yes, that works. Not a very nice idea, though.
[Server]
PeerPassword = toto
MyPassword = tata
Not the real passwords, I hope ...
Regards,
Christoph