[gnutls-devel] GnuTLS | 3.7.0 errors against (old TLS 1.0?) FTPS (FTP/TLS) servers (#1152)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jan 22 18:20:00 CET 2021



Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1152



Hello,

this was reported in https://bugs.debian.org/980119

Data transfer (including ls) from an older version FTPS (FTP/TLS) servers results in a generic gnutls error:
> In FileZilla, this shows as a number of red error messages ending with "GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received."  In lftp, this shows as a single filure line: "Fatal error: gnutls_record_recv: An unexpected TLS packet was received."

gnutls-cli  --starttls-proto=ftp works, only a data connection triggers the error.
~~~
- Status: The certificate is trusted. 
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.0-X.509)-(ECDHE-SECP256R1)-(AES-128-CBC)-(SHA1)
- Session ID: 78:CC:6C:F1:66:01:CA:0C:7A:4E:FC:FF:DA:04:59:30:44:7C:
81:B7:59:44:6D:44:71:56:72:62:EA:DA:0E:41
- Options: safe renegotiation,
- Handshake was completed
~~~

Using wget gnutls debug data was generated:
~~~
  Yes, Wget also failed, it actually SIGABRTed.

WARNING lots of data.  I skipped to where the data transfer actually started.
Changing directories worked as far as I could tell.

---8<---
227 Entering Passive Mode (8,48,33,7,5,0).
trying to connect to 8.48.33.7 port 1280
Created socket 4.
done.    ==> RETR whitelist.json ...
--> RETR whitelist.json

gnutls[5]: REC[0x55baf0c5d760]: Preparing Packet Application Data(23) with
length: 21 and min pad: 0
gnutls[9]: ENC[0x55baf0c5d760]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1
gnutls[11]: WRITE: enqueued 53 bytes for 0x3. Total 53 bytes.
gnutls[11]: WRITE FLUSH: 53 bytes in buffer.
gnutls[11]: WRITE: wrote 53 bytes, 0 bytes left.
gnutls[5]: REC[0x55baf0c5d760]: Sent Packet[12] Application Data(23) in epoch
1 and length: 53
gnutls[10]: READ: -1 returned from 0x3, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_int]:1776
gnutls[10]: READ: Got 5 bytes from 0x3
gnutls[10]: READ: read 5 bytes from 0x3
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0c5d760]: SSL 3.1 Application Data packet received.
Epoch 1, length: 96
gnutls[5]: REC[0x55baf0c5d760]: Expected Packet Application Data(23)
gnutls[5]: REC[0x55baf0c5d760]: Received Packet Application Data(23) with
length: 96
gnutls[10]: READ: Got 96 bytes from 0x3
gnutls[10]: READ: read 96 bytes from 0x3
gnutls[10]: RB: Have 5 bytes into buffer. Adding 96 bytes.
gnutls[10]: RB: Requested 101 bytes
gnutls[5]: REC[0x55baf0c5d760]: Decrypted Packet[11] Application Data(23) with
length: 71
gnutls[13]: BUF[REC]: Inserted 71 bytes of Data(23)
150 Opening BINARY mode data connection for whitelist.json (2 bytes).
done.
Length: 2 (unauthoritative)
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #0
gnutls[2]: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into
priority list
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #1
gnutls[4]: HSK[0x55baf0f22d60]: Adv. version: 3.1
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (OCSP Status Request/5)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension OCSP Status Request/5 (5
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Client Certificate Type/
19) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Certificate Type/
20) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Groups/10) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X448 (0x1e)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Groups/10 (22
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported EC Point
Formats/11) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported EC Point Formats/
11 (2 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRP/12) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Signature Algorithms/13)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRTP/14) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Heartbeat/15) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ALPN/16) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Encrypt-then-MAC/22) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Extended Master Secret/
23) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Session Ticket/35) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Session Ticket/35 (192
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Key Share/51) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for SECP256R1
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for X25519
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Versions/43)
for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Versions/43 (9
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Post Handshake Auth/49)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Post Handshake Auth/49 (0
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Safe Renegotiation/65281)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Safe Renegotiation/65281 (1
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Name Indication/0)
for 'client hello'
gnutls[2]: HSK[0x55baf0f22d60]: sent server name: 'bos-sr-2-36.akliz.net'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Server Name Indication/0 (26
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Cookie/44) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Early Data/42) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (PSK Key Exchange Modes/
45) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension PSK Key Exchange Modes/45 (3
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Record Size Limit/28) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Record Size Limit/28 (2
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Maximum Record Size/1)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ClientHello Padding/21)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Pre Shared Key/41) for
'client hello'
gnutls[4]: HSK[0x55baf0f22d60]: CLIENT HELLO was queued [548 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 548. Total 548 bytes.
gnutls[11]: HWRITE FLUSH: 548 bytes in buffer.
gnutls[5]: REC[0x55baf0f22d60]: Preparing Packet Handshake(22) with length:
548 and min pad: 0
gnutls[9]: ENC[0x55baf0f22d60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 553 bytes for 0x4. Total 553 bytes.
gnutls[5]: REC[0x55baf0f22d60]: Sent Packet[1] Handshake(22) in epoch 0 and
length: 553
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 553 bytes in buffer.
gnutls[11]: WRITE: wrote 553 bytes, 0 bytes left.
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: -1 returned from 0x4, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Handshake packet received. Epoch 0,
length: 81
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Handshake(22) with length: 81
gnutls[10]: READ: Got 81 bytes from 0x4
gnutls[10]: READ: read 81 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 81 bytes.
gnutls[10]: RB: Requested 86 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[0] Handshake(22) with length:
81
gnutls[13]: BUF[REC]: Inserted 81 bytes of Data(22)
gnutls[4]: HSK[0x55baf0f22d60]: SERVER HELLO (2) was received. Length 77[77],
frag offset 0, frag length: 77, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1176
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1428
gnutls[4]: HSK[0x55baf0f22d60]: Server's version: 3.1
gnutls[4]: HSK[0x55baf0f22d60]: SessionID length: 32
gnutls[4]: HSK[0x55baf0f22d60]: SessionID:
0e858e4d3c95cb52c76acd4aa2a15d110e6436905b6ce04f06ecf62f7caeb4c0
gnutls[4]: HSK[0x55baf0f22d60]: Selected cipher suite:
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
gnutls[4]: EXT[0x55baf0f22d60]: Parsing extension 'Safe Renegotiation/65281'
(1 bytes)
gnutls[4]: HSK[0x55baf0f22d60]: Safe renegotiation succeeded
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 ChangeCipherSpec packet received.
Epoch 0, length: 1
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet ChangeCipherSpec(20) with
length: 1
gnutls[10]: READ: Got 1 bytes from 0x4
gnutls[10]: READ: read 1 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 1 bytes.
gnutls[10]: RB: Requested 6 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[1] ChangeCipherSpec(20) with
length: 1
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:907
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1578
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
gnutls[3]: ASSERT: ../../lib/kx.c[_gnutls_recv_server_certificate]:749
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:3008
gnutls[13]: BUF[HSK]: Emptied buffer
GnuTLS: An unexpected TLS packet was received.
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0f22d60]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: End of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: Epoch #0 freed
gnutls[5]: REC[0x55baf0f22d60]: Epoch #1 freed
Server does not want to resume the SSL session. Trying with a new one.
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #0
gnutls[2]: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into
priority list
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #1
gnutls[4]: HSK[0x55baf0f22d60]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (OCSP Status Request/5)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension OCSP Status Request/5 (5
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Client Certificate Type/
19) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Certificate Type/
20) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Groups/10) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X448 (0x1e)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Groups/10 (22
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported EC Point
Formats/11) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported EC Point Formats/
11 (2 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRP/12) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Signature Algorithms/13)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.8) EdDSA-Ed448
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Signature Algorithms/13 (34
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRTP/14) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Heartbeat/15) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ALPN/16) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Encrypt-then-MAC/22) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Extended Master Secret/
23) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Session Ticket/35) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Key Share/51) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for SECP256R1
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for X25519
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Versions/43)
for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Versions/43 (9
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Post Handshake Auth/49)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Post Handshake Auth/49 (0
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Safe Renegotiation/65281)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Safe Renegotiation/65281 (1
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Name Indication/0)
for 'client hello'
gnutls[2]: HSK[0x55baf0f22d60]: sent server name: 'bos-sr-2-36.akliz.net'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Server Name Indication/0 (26
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Cookie/44) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Early Data/42) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (PSK Key Exchange Modes/
45) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension PSK Key Exchange Modes/45 (3
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Record Size Limit/28) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Record Size Limit/28 (2
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Maximum Record Size/1)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ClientHello Padding/21)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension ClientHello Padding/21 (114
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Pre Shared Key/41) for
'client hello'
gnutls[4]: HSK[0x55baf0f22d60]: CLIENT HELLO was queued [512 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 512. Total 512 bytes.
gnutls[11]: HWRITE FLUSH: 512 bytes in buffer.
gnutls[5]: REC[0x55baf0f22d60]: Preparing Packet Handshake(22) with length:
512 and min pad: 0
gnutls[9]: ENC[0x55baf0f22d60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 517 bytes for 0x4. Total 517 bytes.
gnutls[5]: REC[0x55baf0f22d60]: Sent Packet[1] Handshake(22) in epoch 0 and
length: 517
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 517 bytes in buffer.
gnutls[11]: WRITE: wrote 517 bytes, 0 bytes left.
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Handshake packet received. Epoch 0,
length: 48
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Handshake(22) with length: 48
gnutls[10]: READ: Got 48 bytes from 0x4
gnutls[10]: READ: read 48 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 48 bytes.
gnutls[10]: RB: Requested 53 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[0] Handshake(22) with length:
48
gnutls[13]: BUF[REC]: Inserted 48 bytes of Data(22)
gnutls[4]: HSK[0x55baf0f22d60]: KEY_UPDATE (24) was received. Length
15468356[44], frag offset 0, frag length: 44, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_parse_record_buffered_msgs]:
1317
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Alert packet received. Epoch 0,
length: 32
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Alert(21) with length: 32
gnutls[10]: READ: Got 32 bytes from 0x4
gnutls[10]: READ: read 32 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 32 bytes.
gnutls[10]: RB: Requested 37 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[1] Alert(21) with length: 32
gnutls[5]: REC[0x55baf0f22d60]: Alert[109|103] - (null) - was received
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:892
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1578
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
GnuTLS: A TLS warning alert has been received.
GnuTLS: received alert [103]: (unknown)
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: -1 returned from 0x4, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 0 bytes from 0x4
gnutls[10]: READ: read 0 bytes from 0x4
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:593
gnutls[3]: ASSERT: ../../lib/record.c[recv_headers]:1184
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1310
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:2968
gnutls[13]: BUF[HSK]: Emptied buffer
GnuTLS: The TLS connection was non-properly terminated.
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0f22d60]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: End of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: Epoch #0 freed
gnutls[5]: REC[0x55baf0f22d60]: Epoch #1 freed
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0c5d760]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: End of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: Epoch #1 freed
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0c5d760]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: End of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: Epoch #1 freed
Closed fd 4
Could not perform SSL handshake.
~~~

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1152
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210122/91d2c092/attachment-0001.html>


More information about the Gnutls-devel mailing list