<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777;">

<a href="https://gitlab.com/klolos">Kostis Lolos</a> created an issue:

</p>

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">After a few hours of session inactivity, requests towards the <code>Google Cloud Storage</code> using <code>libcurl</code> and <code>libgnutls</code> fail with the following error:</p>

<blockquote dir="auto">

<p>gnutls_handshake() failed: An unexpected TLS packet was received.</p>

</blockquote>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">3.3.30</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">libgnutls-openssl27 3.3.30-0+deb8u1 (from Debian jessie/updates)</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<p dir="auto">The problems seems to happen consistently when trying to resume a session that is more than a few hours old. In particular:</p>

<ul dir="auto">

<li>Connect to GCS via libcurl+libgnutls from within a GKE container. Everything seems to be working as expected for a while, including session resumption.</li>

<li>A few hours later, attempt to issue a request. Session resumption fails with the above error. Note that this seems to always happen after a few hours, and once it happens it never recovers.</li>

</ul>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<p dir="auto">Here are the logs from a failed attempt to resume a session:</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">* Connection 0 seems to be dead!</span>

<span id="LC2" class="line" lang="plaintext">* Closing connection 0</span>

<span id="LC3" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:679</span>

<span id="LC4" class="line" lang="plaintext">gnutls[5]: REC: Sending Alert[1|0] - Close notify</span>

<span id="LC5" class="line" lang="plaintext">gnutls[5]: REC[0x7f4430464870]: Preparing Packet Alert(21) with length: 2 and min pad: 0</span>

<span id="LC6" class="line" lang="plaintext">gnutls[9]: ENC[0x7f4430464870]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1</span>

<span id="LC7" class="line" lang="plaintext">gnutls[5]: REC[0x7f4430464870]: Sent Packet[11] Alert(21) in epoch 1 and length: 31</span>

<span id="LC8" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:576</span>

<span id="LC9" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:1063</span>

<span id="LC10" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:1184</span>

<span id="LC11" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:1363</span>

<span id="LC12" class="line" lang="plaintext">gnutls[5]: REC[0x7f4430464870]: Start of epoch cleanup</span>

<span id="LC13" class="line" lang="plaintext">gnutls[5]: REC[0x7f4430464870]: End of epoch cleanup</span>

<span id="LC14" class="line" lang="plaintext">gnutls[5]: REC[0x7f4430464870]: Epoch #1 freed</span>

<span id="LC15" class="line" lang="plaintext">* Hostname was NOT found in DNS cache</span>

<span id="LC16" class="line" lang="plaintext">*   Trying 74.125.71.128...</span>

<span id="LC17" class="line" lang="plaintext">* TCP_NODELAY set</span>

<span id="LC18" class="line" lang="plaintext">* Connected to storage.googleapis.com (74.125.71.128) port 443 (#1)</span>

<span id="LC19" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC20" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC21" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC22" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC23" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC24" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC25" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC26" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC27" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC28" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC29" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC30" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC31" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC32" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC33" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC34" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC35" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC36" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC37" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC38" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC39" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC40" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC41" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC42" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC43" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC44" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC45" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1923</span>

<span id="LC46" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1923</span>

<span id="LC47" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1923</span>

<span id="LC48" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC49" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC50" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC51" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC52" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC53" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC54" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC55" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC56" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC57" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC58" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC59" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC60" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC61" class="line" lang="plaintext">gnutls[3]: ASSERT: common.c:1106</span>

<span id="LC62" class="line" lang="plaintext">* found 153 certificates in /etc/ssl/certs/ca-certificates.crt</span>

<span id="LC63" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Allocating epoch #0</span>

<span id="LC64" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_session_pack.c:875</span>

<span id="LC65" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_session_pack.c:254</span>

<span id="LC66" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_session.c:217</span>

<span id="LC67" class="line" lang="plaintext">* SSL re-using session ID</span>

<span id="LC68" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_constate.c:586</span>

<span id="LC69" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Allocating epoch #1</span>

<span id="LC70" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)</span>

<span id="LC71" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)</span>

<span id="LC72" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)</span>

<span id="LC73" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)</span>

<span id="LC74" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)</span>

<span id="LC75" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)</span>

<span id="LC76" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)</span>

<span id="LC77" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)</span>

<span id="LC78" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)</span>

<span id="LC79" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)</span>

<span id="LC80" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)</span>

<span id="LC81" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)</span>

<span id="LC82" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)</span>

<span id="LC83" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)</span>

<span id="LC84" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)</span>

<span id="LC85" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)</span>

<span id="LC86" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)</span>

<span id="LC87" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)</span>

<span id="LC88" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)</span>

<span id="LC89" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)</span>

<span id="LC90" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)</span>

<span id="LC91" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)</span>

<span id="LC92" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)</span>

<span id="LC93" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)</span>

<span id="LC94" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)</span>

<span id="LC95" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)</span>

<span id="LC96" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)</span>

<span id="LC97" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)</span>

<span id="LC98" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)</span>

<span id="LC99" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)</span>

<span id="LC100" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)</span>

<span id="LC101" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)</span>

<span id="LC102" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)</span>

<span id="LC103" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)</span>

<span id="LC104" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)</span>

<span id="LC105" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)</span>

<span id="LC106" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)</span>

<span id="LC107" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)</span>

<span id="LC108" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)</span>

<span id="LC109" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)</span>

<span id="LC110" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)</span>

<span id="LC111" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1</span>

<span id="LC112" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1</span>

<span id="LC113" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1</span>

<span id="LC114" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension STATUS REQUEST (5 bytes)</span>

<span id="LC115" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SERVER NAME (27 bytes)</span>

<span id="LC116" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SAFE RENEGOTIATION (1 bytes)</span>

<span id="LC117" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SESSION TICKET (0 bytes)</span>

<span id="LC118" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SUPPORTED ECC (12 bytes)</span>

<span id="LC119" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)</span>

<span id="LC120" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (4.1) RSA-SHA256</span>

<span id="LC121" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (4.2) DSA-SHA256</span>

<span id="LC122" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (4.3) ECDSA-SHA256</span>

<span id="LC123" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (5.1) RSA-SHA384</span>

<span id="LC124" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (5.3) ECDSA-SHA384</span>

<span id="LC125" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (6.1) RSA-SHA512</span>

<span id="LC126" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (6.3) ECDSA-SHA512</span>

<span id="LC127" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (3.1) RSA-SHA224</span>

<span id="LC128" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (3.2) DSA-SHA224</span>

<span id="LC129" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (3.3) ECDSA-SHA224</span>

<span id="LC130" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (2.1) RSA-SHA1</span>

<span id="LC131" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (2.2) DSA-SHA1</span>

<span id="LC132" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: sent signature algo (2.3) ECDSA-SHA1</span>

<span id="LC133" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Sending extension SIGNATURE ALGORITHMS (28 bytes)</span>

<span id="LC134" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: CLIENT HELLO was queued [262 bytes]</span>

<span id="LC135" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Preparing Packet Handshake(22) with length: 262 and min pad: 0</span>

<span id="LC136" class="line" lang="plaintext">gnutls[9]: ENC[0x7f44184758a0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0</span>

<span id="LC137" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 267</span>

<span id="LC138" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:1139</span>

<span id="LC139" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:572</span>

<span id="LC140" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:1139</span>

<span id="LC141" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: SSL 3.3 Handshake packet received. Epoch 0, length: 87</span>

<span id="LC142" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Expected Packet Handshake(22)</span>

<span id="LC143" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Received Packet Handshake(22) with length: 87</span>

<span id="LC144" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Decrypted Packet[0] Handshake(22) with length: 87</span>

<span id="LC145" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: SERVER HELLO (2) was received. Length 83[83], frag offset 0, frag length: 83, sequence: 0</span>

<span id="LC146" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Server's version: 3.3</span>

<span id="LC147" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: SessionID length: 32</span>

<span id="LC148" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: SessionID: a19f24559997b30f74681ade21bea07216b8c9f465045160fd899b4e9e5b6260</span>

<span id="LC149" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256</span>

<span id="LC150" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Selected compression method: NULL (0)</span>

<span id="LC151" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)</span>

<span id="LC152" class="line" lang="plaintext">gnutls[4]: EXT[0x7f44184758a0]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)</span>

<span id="LC153" class="line" lang="plaintext">gnutls[4]: HSK[0x7f44184758a0]: Safe renegotiation succeeded</span>

<span id="LC154" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:1139</span>

<span id="LC155" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1</span>

<span id="LC156" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Expected Packet Handshake(22)</span>

<span id="LC157" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Received Packet ChangeCipherSpec(20) with length: 1</span>

<span id="LC158" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Decrypted Packet[1] ChangeCipherSpec(20) with length: 1</span>

<span id="LC159" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:815</span>

<span id="LC160" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:1327</span>

<span id="LC161" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_buffers.c:1393</span>

<span id="LC162" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_handshake.c:1440</span>

<span id="LC163" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_kx.c:630</span>

<span id="LC164" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_handshake.c:2757</span>

<span id="LC165" class="line" lang="plaintext">* gnutls_handshake() failed: An unexpected TLS packet was received.</span>

<span id="LC166" class="line" lang="plaintext">* Closing connection 1</span>

<span id="LC167" class="line" lang="plaintext">gnutls[3]: ASSERT: gnutls_record.c:342</span>

<span id="LC168" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Start of epoch cleanup</span>

<span id="LC169" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: End of epoch cleanup</span>

<span id="LC170" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Epoch #0 freed</span>

<span id="LC171" class="line" lang="plaintext">gnutls[5]: REC[0x7f44184758a0]: Epoch #1 freed</span></code></pre>

<p dir="auto">The relevant strace is the following:</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">3520963 sendto(21, "\26\3\1\1\6\1\0\1\2\3\3]f@k\227\237\201\236}\30m\240Y\207\315C\205%Vb\340 \346|\301\206\320EV\271\202I \241\237$U\231\227\263\17th\32\336!\276\240r\26\270\311\364e\4Q`\375\211\233N\236[b`\0R\300+\300,\300\206\300\207\300\t\300\n\300\10\300/\3000\300\212\300\213\300\23\300\24\300\22\0\234\0\235\300z\300{\0/\0005\0A\0\204\0\n\0\236\0\237\300|\300}\0003\0009\0E\0\210\0\26\0\242\0\243\300\200\300\201\0002\0008\0D\0\207\0\23\1\0\0g\0\5\0\5\1\0\0\0\0\0\0\0\33\0\31\0\0\26storage.googleapis.com\377\1\0\1\0\0#\0\0\0\n\0\f\0\n\0\27\0\30\0\31\0\25\0\23\0\v\0\2\1\0\0\r\0\34\0\32\4\1\4\2\4\3\5\1\5\3\6\1\6\3\3\1\3\2\3\3\2\1\2\2\2\3", 267, MSG_NOSIGNAL, NULL, 0) = 267</span>

<span id="LC2" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_buffers.c:1139\n", 41) = 41</span>

<span id="LC3" class="line" lang="plaintext">3520963 recvfrom(21, 0x7f441802b0d0, 5, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)</span>

<span id="LC4" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_buffers.c:572\n", 40) = 40</span>

<span id="LC5" class="line" lang="plaintext">3520963 poll([{fd=21, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)</span>

<span id="LC6" class="line" lang="plaintext">3520963 poll([{fd=21, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)</span>

<span id="LC7" class="line" lang="plaintext">3520963 poll([{fd=21, events=POLLIN}], 1, 186) = 1 ([{fd=21, revents=POLLIN}])</span>

<span id="LC8" class="line" lang="plaintext">3520963 poll([{fd=21, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 1 ([{fd=21, revents=POLLIN|POLLRDNORM}])</span>

<span id="LC9" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_buffers.c:1139\n", 41) = 41</span>

<span id="LC10" class="line" lang="plaintext">3520963 recvfrom(21, "\26\3\3\0W", 5, 0, NULL, NULL) = 5</span>

<span id="LC11" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: SSL 3.3 Handshake packet received. Epoch 0, length: 87\n", 87) = 87</span>

<span id="LC12" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Expected Packet Handshake(22)\n", 62) = 62</span>

<span id="LC13" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Received Packet Handshake(22) with length: 87\n", 78) = 78</span>

<span id="LC14" class="line" lang="plaintext">3520963 recvfrom(21, "\2\0\0S\3\3]f@5,g|\224\\\f'N\217\240\0\232\265\221V\1\3755]5DOWNGRD\1 \241\237$U\231\227\263\17th\32\336!\276\240r\26\270\311\364e\4Q`\375\211\233N\236[b`\300/\0\0\v\377\1\0\1\0\0\v\0\2\1\0", 87, 0, NULL, NULL) = 87</span>

<span id="LC15" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Decrypted Packet[0] Handshake(22) with length: 87\n", 82) = 82</span>

<span id="LC16" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: SERVER HELLO (2) was received. Length 83[83], frag offset 0, frag length: 83, sequence: 0\n", 122) = 122</span>

<span id="LC17" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: Server's version: 3.3\n", 54) = 54</span>

<span id="LC18" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: SessionID length: 32\n", 53) = 53</span>

<span id="LC19" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: SessionID: a19f24559997b30f74681ade21bea07216b8c9f465045160fd899b4e9e5b6260\n", 108) = 108</span>

<span id="LC20" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256\n", 84) = 84</span>

<span id="LC21" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: Selected compression method: NULL (0)\n", 70) = 70</span>

<span id="LC22" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: EXT[0x7f44184758a0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)\n", 87) = 87</span>

<span id="LC23" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: EXT[0x7f44184758a0]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (2 bytes)\n", 93) = 93</span>

<span id="LC24" class="line" lang="plaintext">3520963 write(2, "gnutls[4]: HSK[0x7f44184758a0]: Safe renegotiation succeeded\n", 61) = 61</span>

<span id="LC25" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_buffers.c:1139\n", 41) = 41</span>

<span id="LC26" class="line" lang="plaintext">3520963 recvfrom(21, "\24\3\3\0\1", 5, 0, NULL, NULL) = 5</span>

<span id="LC27" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1\n", 93) = 93</span>

<span id="LC28" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Expected Packet Handshake(22)\n", 62) = 62</span>

<span id="LC29" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Received Packet ChangeCipherSpec(20) with length: 1\n", 84) = 84</span>

<span id="LC30" class="line" lang="plaintext">3520963 recvfrom(21, "\1", 1, 0, NULL, NULL) = 1</span>

<span id="LC31" class="line" lang="plaintext">3520963 write(2, "gnutls[5]: REC[0x7f44184758a0]: Decrypted Packet[1] ChangeCipherSpec(20) with length: 1\n", 88) = 88</span>

<span id="LC32" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_record.c:815\n", 39) = 39</span>

<span id="LC33" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_record.c:1327\n", 40) = 40</span>

<span id="LC34" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_buffers.c:1393\n", 41) = 41</span>

<span id="LC35" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_handshake.c:1440\n", 43) = 43</span>

<span id="LC36" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_kx.c:630\n", 35) = 35</span>

<span id="LC37" class="line" lang="plaintext">3520963 write(2, "gnutls[3]: ASSERT: gnutls_handshake.c:2757\n", 43) = 43</span>

<span id="LC38" class="line" lang="plaintext">3520963 write(2, "* ", 2)               = 2</span>

<span id="LC39" class="line" lang="plaintext">3520963 write(2, "gnutls_handshake() failed: An unexpected TLS packet was received.\n", 66) = 66</span></code></pre>

<p dir="auto">Since libgnutls does not log the session ID sent via the <code>ClientHello</code> packet, here is the corresponding hexdump of the packet from the above strace. The packet seems to include the same session ID as the one in the <code>ServerHello</code> packet, i.e., <code>a19f24559997b30f74681ade21bea07216b8c9f465045160fd899b4e9e5b6260</code>:</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ printf "%b" '\26\3\1\1\6\1\0\1\2\3\3]f@k\227\237\201\236}\30m\240Y\207\315C\205%Vb\340 \346|\301\206\320EV\271\202I \241\237$U\231\227\263\17th\32\336!\276\240r\26\270\311\364e\4Q`\375\211\233N\236[b`\0R\300+\300,\300\206\300\207\300\t\300\n\300\10\300/\3000\300\212\300\213\300\23\300\24\300\22\0\234\0\235\300z\300{\0/\0005\0A\0\204\0\n\0\236\0\237\300|\300}\0003\0009\0E\0\210\0\26\0\242\0\243\300\200\300\201\0002\0008\0D\0\207\0\23\1\0\0g\0\5\0\5\1\0\0\0\0\0\0\0\33\0\31\0\0\26storage.googleapis.com\377\1\0\1\0\0#\0\0\0\n\0\f\0\n\0\27\0\30\0\31\0\25\0\23\0\v\0\2\1\0\0\r\0\34\0\32\4\1\4\2\4\3\5\1\5\3\6\1\6\3\3\1\3\2\3\3\2\1\2\2\2\3' | hexdump -C</span>

<span id="LC2" class="line" lang="plaintext">00000000  16 03 01 01 06 01 00 01  02 03 03 5d 66 40 6b 97  |...........]f@k.|</span>

<span id="LC3" class="line" lang="plaintext">00000010  9f 81 9e 7d 18 6d a0 59  87 cd 43 85 25 56 62 e0  |...}.m.Y..C.%Vb.|</span>

<span id="LC4" class="line" lang="plaintext">00000020  20 e6 7c c1 86 d0 45 56  b9 82 49 20 a1 9f 24 55  | .|...EV..I ..$U|</span>

<span id="LC5" class="line" lang="plaintext">00000030  99 97 b3 0f 74 68 1a de  21 be a0 72 16 b8 c9 f4  |....th..!..r....|</span>

<span id="LC6" class="line" lang="plaintext">00000040  65 04 51 60 fd 89 9b 4e  9e 5b 62 60 00 52 c0 2b  |e.Q`...N.[b`.R.+|</span>

<span id="LC7" class="line" lang="plaintext">00000050  c0 2c c0 86 c0 87 c0 09  c0 0a c0 08 c0 2f c0 30  |.,.........../.0|</span>

<span id="LC8" class="line" lang="plaintext">00000060  c0 8a c0 8b c0 13 c0 14  c0 12 00 9c 00 9d c0 7a  |...............z|</span>

<span id="LC9" class="line" lang="plaintext">00000070  c0 7b 00 2f 05 00 41 00  84 00 0a 00 9e 00 9f c0  |.{./..A.........|</span>

<span id="LC10" class="line" lang="plaintext">00000080  7c c0 7d 03 00 39 00 45  00 88 00 16 00 a2 00 a3  ||.}..9.E........|</span>

<span id="LC11" class="line" lang="plaintext">00000090  c0 80 c0 81 02 00 38 00  44 00 87 00 13 01 00 00  |......8.D.......|</span>

<span id="LC12" class="line" lang="plaintext">000000a0  67 00 05 00 05 01 00 00  00 00 00 00 00 1b 00 19  |g...............|</span>

<span id="LC13" class="line" lang="plaintext">000000b0  00 00 16 73 74 6f 72 61  67 65 2e 67 6f 6f 67 6c  |...storage.googl|</span>

<span id="LC14" class="line" lang="plaintext">000000c0  65 61 70 69 73 2e 63 6f  6d ff 01 00 01 00 00 23  |eapis.com......#|</span>

<span id="LC15" class="line" lang="plaintext">000000d0  00 00 00 0a 00 0c 00 0a  00 17 00 18 00 19 00 15  |................|</span>

<span id="LC16" class="line" lang="plaintext">000000e0  00 13 00 0b 00 02 01 00  00 0d 00 1c 00 1a 04 01  |................|</span>

<span id="LC17" class="line" lang="plaintext">000000f0  04 02 04 03 05 01 05 03  06 01 06 03 03 01 03 02  |................|</span>

<span id="LC18" class="line" lang="plaintext">00000100  03 03 02 01 02 02 02 03                           |........|</span>

<span id="LC19" class="line" lang="plaintext">00000108</span></code></pre>

<p dir="auto">So, if I understand correctly, the server accepted the resumption and responded with a <code>ChangeCipherSpec</code>, as expected. However, the client was expecting another <code>Handshake</code> packet.</p>

<p dir="auto">Any clues as to what may be causing this?</p>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

<p dir="auto">Expected to successfully resume the session.</p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/822">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/eb1a0ab2849a2b827daaac4ab61f4aeb/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/822"}}</script>

</p>

</div>

</body>

</html>