Error running auto-key-locate wkd in Windows 10

gus gus at torproject.org
Sat Mar 28 03:37:52 CET 2020


On Fri, Mar 27, 2020 at 03:42:39PM +0100, Ingo Klöcker wrote:
> On Friday, 27 March 2020 09:48:01 CET Werner Koch via Gnupg-users wrote:
> > That is: "Fatal alert message received" which comes from the TLS
> > layer.  To see the actual cause you need to add
> > 
> >   log-file /some/file
> >   tls-debug 2
> > 
> > or a higher level to dirmngr.conf and "gpgconf --reload dirmngr".  For
> > me a
> > 
> >   gpg --locate-external-keys -v torbrowser@torproject.org
> > 
> > (--locate-external-key is easier to type than yours.  It excludes the
> >  local keys and thus always goes out to the WKD) then gives:
> > 
> >   DBG: ntbtls(2): got an alert message, type: [2:40]
> >   DBG: ntbtls(1): is a fatal alert message (msg 40)
> >   DBG: ntbtls(1): (handshake failed)
> >   DBG: ntbtls(1): read_record returned: Fatal alert message received <TLS>
> >   DBG: ntbtls(2): handshake ready
> >   TLS handshake failed: Fatal alert message received <TLS>
> >   error connecting to 'https://openpgpkey.tor[...]
> > 
> > A reason for the failed handshake might be that no common parameters
> > could be found.
> 
> Probably, no matching cipher suite. According to ssllabs.com/ssltest 
> openpgpkey.torproject.org (well, at least one of the actual servers) only 
> supports the following cipher suites:
> # TLS 1.3 (server has no preference)
> TLS_AES_128_GCM_SHA256
> TLS_AES_256_GCM_SHA384
> TLS_CHACHA20_POLY1305_SHA256
> 
> # TLS 1.2 (server has no preference)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 
> I think none of those matches any of those in the output of ntbtls in your 
> message.
> 
> Regards,
> Ingo
> 

It was a ciphersuite change on our server, and it's fixed now.

Thanks all!

Gus

-- 
The Tor Project
Community Team Lead
http://expyuzz4wqqyqhjn.onion/
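
An added example, not part of the original thread and not GnuPG or ntbtls code: it decodes the `[level:description]` pair from the ntbtls alert line quoted above using the TLS alert registry, then checks a client offer against the TLS 1.2 suites listed for the server. The client offer is a constructed placeholder, since the real ntbtls list is not shown in this message.

```python
import re

# TLS alert levels and a subset of alert descriptions (RFC 5246 / RFC 8446).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

# Matches the ntbtls debug line format quoted in the thread.
ALERT_RE = re.compile(r"ntbtls\(\d+\): got an alert message, type: \[(\d+):(\d+)\]")

def decode_alerts(log_text):
    """Return (level_name, description_name) for every alert line in the log."""
    alerts = []
    for m in ALERT_RE.finditer(log_text):
        level, desc = int(m.group(1)), int(m.group(2))
        alerts.append((ALERT_LEVELS.get(level, f"unknown({level})"),
                       ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")))
    return alerts

def common_suites(client_suites, server_suites):
    """Suites offered by the client that the server also accepts, in client order."""
    server = set(server_suites)
    return [s for s in client_suites if s in server]

# Log excerpt as quoted in the thread.
SAMPLE_LOG = """\
  DBG: ntbtls(2): got an alert message, type: [2:40]
  DBG: ntbtls(1): is a fatal alert message (msg 40)
  DBG: ntbtls(1): (handshake failed)
"""

# TLS 1.2 suites the thread lists for the server (from the ssllabs.com result).
SERVER_TLS12 = [
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]

# Constructed client offer for illustration only, NOT the real ntbtls list.
CLIENT_OFFER = ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"]

if __name__ == "__main__":
    print(decode_alerts(SAMPLE_LOG), common_suites(CLIENT_OFFER, SERVER_TLS12))
```

An empty intersection together with a fatal `handshake_failure` alert points at the cipher suite configuration on one side rather than at certificates or the network path.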