'gnutls-cli -d 9999 --insecure -p 443 post.craigslist.org' fails with 3.0.20

Todd T. Fries todd at fries.net
Mon Jul 30 19:18:51 CEST 2012


|<2>| p11: loaded provider 'gnome-keyring-module' with 0 slots
|<2>| ASSERT: pkcs11.c:459
Processed 152 CA certificate(s).
Resolving 'post.craigslist.org'...
Connecting to '208.82.238.151:443'...
|<4>| REC[0x73118]: Allocating epoch #0
|<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
|<2>| ASSERT: gnutls_constate.c:717
|<4>| REC[0x73118]: Allocating epoch #1
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<3>| HSK[0x73118]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0x73118]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05)
|<3>| HSK[0x73118]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04)
|<3>| EXT[0x73118]: Sending extension SERVER NAME (24 bytes)
|<3>| EXT[0x73118]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0x73118]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0x73118]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| EXT[0x73118]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0x73118]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0x73118]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0x73118]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0x73118]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0x73118]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0x73118]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0x73118]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0x73118]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0x73118]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0x73118]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0x73118]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0x73118]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0x73118]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0x73118]: CLIENT HELLO was queued [212 bytes]
|<7>| HWRITE: enqueued [CLIENT HELLO] 212. Total 212 bytes.
|<7>| HWRITE FLUSH: 212 bytes in buffer.
|<4>| REC[0x73118]: Preparing Packet Handshake(22) with length: 212
|<9>| ENC[0x73118]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 217 bytes for 0x4. Total 217 bytes.
|<4>| REC[0x73118]: Sent Packet[1] Handshake(22) in epoch 0 and length: 217
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 217 bytes in buffer.
|<7>| WRITE: wrote 217 bytes, 0 bytes left.
|<2>| ASSERT: gnutls_buffers.c:974
|<7>| READ: Got 0 bytes from 0x4
|<7>| READ: read 0 bytes from 0x4
|<2>| ASSERT: gnutls_buffers.c:482
|<2>| ASSERT: gnutls_record.c:876
|<2>| ASSERT: gnutls_record.c:986
|<2>| ASSERT: gnutls_buffers.c:1175
|<2>| ASSERT: gnutls_handshake.c:1269
|<2>| ASSERT: gnutls_handshake.c:2484
*** Fatal error: The TLS connection was non-properly terminated.
|<2>| ASSERT: gnutls_ui.c:544
No certificates found!
|<4>| REC: Sending Alert[2|10] - Unexpected message
|<4>| REC[0x73118]: Preparing Packet Alert(21) with length: 2
|<9>| ENC[0x73118]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 7 bytes for 0x4. Total 7 bytes.
|<7>| WRITE FLUSH: 7 bytes in buffer.
|<7>| WRITE: wrote 7 bytes, 0 bytes left.
|<4>| REC[0x73118]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
GnuTLS error: The TLS connection was non-properly terminated.
|<4>| REC[0x73118]: Start of epoch cleanup
|<4>| REC[0x73118]: End of epoch cleanup
|<4>| REC[0x73118]: Epoch #0 freed
|<4>| REC[0x73118]: Epoch #1 freed

I can confirm this same behavior on Linux/Debian/arm and OpenBSD/i386.

Thanks,
-- 
Todd Fries .. todd at fries.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:freedaemon at ekiga.net
| "..in support of free software solutions."  \  sip:4052279094 at ekiga.net
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt





More information about the Gnutls-devel mailing list