<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/IBBoard">IBBoard</a> created an issue:
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">I <em>think</em> I might be having a similar bug to <a href="https://gitlab.com/gnutls/gnutls/issues/822" data-original="#822" data-link="false" data-link-reference="false" data-project="179611" data-issue="24240147" data-reference-type="issue" data-container="body" data-placement="bottom" title="Session resumption fails against GCS after a few hours of inactivity" class="gfm gfm-issue has-tooltip">#822</a>, but it's from Twitter and it's happening the opposite way around for the expected/received types. Also, it can happen as soon as the app loads rather than after a prolonged period of not being used.</p>
<p dir="auto">My Twitter client currently errors at irregular intervals when accessing the Twitter API because it gets an out of sequence packet for its current state.</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">3.6.9</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">openSUSE Tumbleweed</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>Install Cawbird (<a href="https://ibboard.co.uk/cawbird/" rel="nofollow noreferrer noopener" target="_blank">https://ibboard.co.uk/cawbird/</a>)</li>
<li>Run <code>cawbird</code> from a terminal to see the logging</li>
<li>Login to your Twitter account</li>
<li>Load individual tweet by double-clicking on it, click back</li>
<li>Go back to previous step</li>
</ul>
<p dir="auto">(Sorry, I don't have a smaller test case yet, but tweet loading is passive)</p>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">Eventually, it will fail to load a tweet and something a bit like:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">(cawbird:14730): cawbird-WARNING **: 11:43:55.926: Could not send tweet: Error performing TLS handshake: An unexpected TLS packet was received.</span>
<span id="LC2" class="line" lang="plaintext"></span>
<span id="LC3" class="line" lang="plaintext">(cawbird:14730): cawbird-WARNING **: 11:43:55.926: ComposeTweetWindow.vala:310: Error 5151.4 (ComposeTweetWindow.vala.310): Error performing TLS handshake: An unexpected TLS packet was received.</span></code></pre>
<p dir="auto">will be printed to the terminal (but that specific error is from trying to send a tweet). If you're unlucky then the timeline will have failed to load when you started and it will have shown a similar error.</p>
<p dir="auto">Based on packet capture, it happens when "New Session Ticket" and "Change Cipher Spec" are set on the Sever Hello, but not on just "Change Cipher Spec". When running with <code>GNUTLS_DEBUG_LEVEL</code> set then I see:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 85</span>
<span id="LC2" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet Handshake(22)</span>
<span id="LC3" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 85</span>
<span id="LC4" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Decrypted Packet[0] Handshake(22) with length: 85</span>
<span id="LC5" class="line" lang="plaintext">gnutls[4]: HSK[0x55bf5cb1e6b0]: SERVER HELLO (2) was received. Length 81[81], frag offset 0, frag length: 81, sequence: 0</span>
<span id="LC6" class="line" lang="plaintext">gnutls[3]: ASSERT: buffers.c[get_last_packet]:1161</span>
<span id="LC7" class="line" lang="plaintext">gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413</span>
<span id="LC8" class="line" lang="plaintext">gnutls[4]: HSK[0x55bf5cb1e6b0]: Server's version: 3.3</span>
<span id="LC9" class="line" lang="plaintext">gnutls[4]: HSK[0x55bf5cb1e6b0]: SessionID length: 32</span>
<span id="LC10" class="line" lang="plaintext">gnutls[4]: HSK[0x55bf5cb1e6b0]: SessionID: …</span>
<span id="LC11" class="line" lang="plaintext">gnutls[4]: EXT[0x55bf5cb1e6b0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)</span>
<span id="LC12" class="line" lang="plaintext">gnutls[4]: HSK[0x55bf5cb1e6b0]: Safe renegotiation succeeded</span>
<span id="LC13" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: SSL 3.3 Handshake packet received. Epoch 0, length: 186</span>
<span id="LC14" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Expected Packet ChangeCipherSpec(20)</span>
<span id="LC15" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Received Packet Handshake(22) with length: 186</span>
<span id="LC16" class="line" lang="plaintext">gnutls[5]: REC[0x55bf5cb1e6b0]: Decrypted Packet[1] Handshake(22) with length: 186</span>
<span id="LC17" class="line" lang="plaintext">gnutls[3]: ASSERT: record.c[recv_hello_request]:774</span>
<span id="LC18" class="line" lang="plaintext">gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1579</span>
<span id="LC19" class="line" lang="plaintext">gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1777</span>
<span id="LC20" class="line" lang="plaintext">gnutls[3]: ASSERT: handshake.c[recv_handshake_final]:3272</span>
<span id="LC21" class="line" lang="plaintext">gnutls[3]: ASSERT: handshake.c[handshake_client]:3074</span>
<span id="LC22" class="line" lang="plaintext">gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589</span>
<span id="LC23" class="line" lang="plaintext">gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1777</span></code></pre>
<p dir="auto">Compared to <a href="https://gitlab.com/gnutls/gnutls/issues/822" data-original="#822" data-link="false" data-link-reference="false" data-project="179611" data-issue="24240147" data-reference-type="issue" data-container="body" data-placement="bottom" title="Session resumption fails against GCS after a few hours of inactivity" class="gfm gfm-issue has-tooltip">#822</a> I get the "Parsing extension 'Safe Renegotiation'", which succeeds, but then I get "Expected Packet ChangeCipherSpec(20)" and "Received Packet Handshake(22)" and a different set of asserts.</p>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">GnuTLS handles the New Session Ticket packet and doesn't treat it as "unexpected".</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/841">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/3fba89eda7f0bb6aa017d033ec41b29d/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/841"}}</script>


</p>
</div>
</body>
</html>