[Pkg-gnutls-maint] Help with exim4 #390712, interaction with mobile phones

Marc Haber mh+pkg-gnutls-maint at zugschlus.de
Sat Jan 6 14:53:03 CET 2007

On Thu, Jan 04, 2007 at 08:55:14PM +0000, James Westby wrote:
> On (03/01/07 16:55), Marc Haber wrote:
> > On Thu, Dec 21, 2006 at 06:24:29PM +0000, James Westby wrote:
> > > On (21/12/06 15:14), Marc Haber wrote:
> > > > I have sent you tcpdumps in private mail of one successful connection
> > > > and one failed connection. In my opinion, the wireshark analysis of
> > > > these dump is quite inconclusive, but you know much more about TLS
> > > > than I do.
> > > 
> > > Thanks for those. I will try and look at them soon. I didn't expect they
> > > would show much, but I thought it was worth a look.
> > 
> > Any news here?
> Sorry, the festive period got in the way. I will try and return to this
> problem this weekend.

No problem, just get back to me when there is something new.

> > > > I appreciate your efforts and thank you for leading me through the
> > > > debugging process, which has been so far a great experience for me and
> > > > has greatly improved my knowledge of the tools.
> > > 
> > > It has greatly increased my knowledge as well. I am going to draft a
> > > mail to upstream now to see if they have any bright ideas, but I don't
> > > think there will be a quick response at this time, and I wont be around
> > > for a few days to work with them if they do respond.
> > 
> > Did you already write there?
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-December/001324.html
> I tried to Cc: you, but now I see it is your debian bugs address, so
> maybe it ended up in a spam folder or something.

I must have missed that, which is entirely possible. I have read
Simon's answer now, and do not have too much clue what to do now.
Unfortunately, I do not own a misbehaving phone, so I need to ask a
friend of mine to try.

It would probably be a nice idea to see which parameters are
negotiated with openssl. Does openssl have a server test mode like

> Simon mentioned that there was a patch that might be relevant that went
> in recently. The version in sid has the patch I believe, so can you
> confirm that you have the most up to date version?

I have just repeated the test with
ii  gnutls-bin          1.4.4-3        the GNU TLS library - commandline utilities
ii  libgnutls13         1.4.4-3        the GNU TLS library - runtime library
and SHA-1 is still causing trouble. Any more package versions you want
to see tested?


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

More information about the Pkg-gnutls-maint mailing list