Error running auto-key-locate wkd in Windows 10
Ingo Klöcker
kloecker at kde.org
Fri Mar 27 15:42:39 CET 2020
On Freitag, 27. März 2020 09:48:01 CET Werner Koch via Gnupg-users wrote:
> That is: "Fatal alert message received" which comes from the TLS
> layer. To see the actual cause you need to add
>
> log-file /some/file
> tls-debug 2
>
> or a higher level to dirmngr.conf and "gpgconf --reload dirmngr". For
> me a
>
> gpg --locate-external-keys -v torbrowser at torproject.org
>
> (--locate-external-key is easier to type than yours. It excludes the
> local keys and thus always goes out to the WKD) then gives:
>
> DBG: ntbtls(2): got an alert message, type: [2:40]
> DBG: ntbtls(1): is a fatal alert message (msg 40)
> DBG: ntbtls(1): (handshake failed)
> DBG: ntbtls(1): read_record returned: Fatal alert message received <TLS>
> DBG: ntbtls(2): handshake ready
> TLS handshake failed: Fatal alert message received <TLS>
> error connecting to 'https://openpgpkey.tor[...]
>
> A reason for the failed handhake might be that no common parameters
> could be found.
Probably, no matching cipher suite. According to ssllabs.com/ssltest
openpgpkey.torproject.org (well, at least one of the actual servers) only
supports the following cipher suites:
# TLS 1.3 (server has no preference)
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
# TLS 1.2 (server has no preference)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I think none of those matches any of those in the output of ntbtls in your
message.
Regards,
Ingo
More information about the Gnupg-users
mailing list