[gnutls-devel] GnuTLS | Cannot connect to github.com, download.mono-project.com (#990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jun 30 08:06:57 CEST 2020




Maarten Boekhold commented:


I've got GIT working by creating the following file
```
# /etc/gnutls/config
[overrides]
tls-disabled-group = group-secp256r1
```
However this doesn't work for apt/apt-get. If I run:
```
export GNUTLS_DEBUG_LEVEL=9
apt update
```
I'm getting a different kind of exception from gnutls:

```
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[5]: REC[0x55ea6c6b1bf0]: SSL 3.3 Alert packet received. Epoch 0, length: 2
gnutls[5]: REC[0x55ea6c6b1bf0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55ea6c6b1bf0]: Received Packet Alert(21) with length: 2
gnutls[5]: REC[0x55ea6c6b1bf0]: Decrypted Packet[0] Alert(21) with length: 2
gnutls[5]: REC[0x55ea6c6b1bf0]: Alert[2|40] - Handshake failed - was received
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:891
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:897
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1577
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1446
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1531
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:2918
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:696
gnutls[5]: REC: Sending Alert[1|0] - Close notify
gnutls[5]: REC[0x55ea6c6b1bf0]: Preparing Packet Alert(21) with length: 2 and min pad: 0
gnutls[9]: ENC[0x55ea6c6b1bf0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[5]: REC[0x55ea6c6b1bf0]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
gnutls[3]: ASSERT: ../../lib/record.c[check_session_status]:1649
gnutls[3]: ASSERT: ../../lib/record.c[gnutls_bye]:324
Err:14 https://download.mono-project.com/repo/ubuntu stable-focal Release                                                     
  Could not handshake: A TLS fatal alert has been received. [IP: 152.199.19.161 443]
```
Will keep investigating...

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/990#note_370499297
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200630/ace3cbcd/attachment.html>


More information about the Gnutls-devel mailing list