[Csync2] Making SSL errors more helpful
Andreas J. Koenig
andreas.koenig.gmwojprw at franz.ak.mind.de
Mon Oct 9 09:49:30 CEST 2006
>>>>> On Sun, 8 Oct 2006 20:58:33 -0400, Ben Klang <ben at alkaloid.net> said:
> That being said, maybe I can ask for some advice. I attempted to use my
> pre-existing SSL certificate for the server that I have generated with a
> certificate authority (i.e. not self-signed). While using this cert, I'm
> getting the error back: "The cipher type is unsupported." from the GNUTLS
> library. Does anyone have any advice on that?
I took a pragmatic approach to this problem: I decided that a cronjob
between two machines should never be driven by an arbitrary expiration
date of a certificate. It's an obstacle that does not increase
security. So I sign all my csync certificates myself and set the
expiration to int((2**31-1-time)/86400), i.e. the longest timespan
that openssl currently allows on 32-bit machines (which yields January
2038).
Hope this helps,
--
andreas