[gnutls-devel] GnuTLS | GnuTLS error: A packet with illegal or unsupported version was received. (#621)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Nov 17 19:58:23 CET 2018


Thank you very much for your response! I will try to compile and test the master branch tomorrow. For now here's a debugging log that hopefully shows something useful:

`
gnutls[5]: REC[0x7d200fa0]: Allocating epoch #0
gnutls[2]: added 4 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list
gnutls[5]: REC[0x7d200fa0]: Allocating epoch #1
gnutls[4]: HSK[0x7d200fa0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x7d200fa0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x7d200fa0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x7d200fa0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x7d200fa0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x7d200fa0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x7d200fa0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x7d200fa0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x7d200fa0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x7d200fa0]: Sending extension Supported Groups/10 (20 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x7d200fa0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x7d200fa0]: Sending extension Signature Algorithms/13 (32 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Encrypt-then-MAC/22 (0 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Extended Master Secret/23 (0 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: sending key share for SECP256R1
gnutls[4]: EXT[0x7d200fa0]: sending key share for X25519
gnutls[4]: EXT[0x7d200fa0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x7d200fa0]: Sending extension Supported Versions/43 (5 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Safe Renegotiation/65281 (1 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[2]: HSK[0x7d200fa0]: sent server name: 'addons-ecs.forgesvc.net'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Server Name Indication/0 (28 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x7d200fa0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x7d200fa0]: CLIENT HELLO was queued [360 bytes]
gnutls[5]: REC[0x7d200fa0]: Preparing Packet Handshake(22) with length: 360 and min pad: 0
gnutls[5]: REC[0x7d200fa0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 365
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1171
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1171
gnutls[5]: REC[0x7d200fa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 69
gnutls[5]: REC[0x7d200fa0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x7d200fa0]: Received Packet Handshake(22) with length: 69
gnutls[5]: REC[0x7d200fa0]: Decrypted Packet[0] Handshake(22) with length: 69
gnutls[4]: HSK[0x7d200fa0]: SERVER HELLO (2) was received. Length 65[65], frag offset 0, frag length: 65, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1162
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1413
gnutls[4]: HSK[0x7d200fa0]: Server's version: 3.3
gnutls[3]: ASSERT: ../../lib/handshake.c[read_server_hello]:1835
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1514
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:2853
GnuTLS error: A packet with illegal or unsupported version was received.
gnutls[5]: REC[0x7d200fa0]: Start of epoch cleanup
gnutls[5]: REC[0x7d200fa0]: End of epoch cleanup
gnutls[5]: REC[0x7d200fa0]: Epoch #0 freed
gnutls[5]: REC[0x7d200fa0]: Epoch #1 freed
`

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/621#note_118010298
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181117/3a931246/attachment-0001.html>


More information about the Gnutls-devel mailing list