[Help-gnutls] Re: GNUTLS ERROR: A TLS packet with unexpected length was received.

Simon Josefsson simon at josefsson.org
Wed Aug 27 12:35:10 CEST 2008 

darkdemun <darkdemun at gmail.com> writes:

> Hi, I'm making a SSL IRC bot just for learning. The thing is I get "GNUTLS
> ERROR: A TLS packet with unexpected length was received." when handshaking
> every 4 connections (and if i keep trying to connect it'll keep happening
> till i wait for a bit) and i have no idea why, I have attached a log from
> gnutls-cli.
> Also I don't get the error when connecting to a inspircd server (only tried
> connecting to unrealircd servers), I'm using x509 certificate authentication
> and basically using the code from the examples. I'm using windows by the
> way, If any of you could help i'd greatly appreciate it.
...
> |<3>| HSK[9b5be8]: CLIENT HELLO was send [43775681070366843 bytes]

That was an unrelated problem: I've fixed the debug message to be
somewhat more correct.

> |<4>| REC[9b5be8]: Sending Packet[0] Handshake(22) with length: 123
> |<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_cipher.c:205

That seems strange, I'm not sure why that happens.  Do you get this
error on the successful connections too?

> |<7>| READ: Got 5 bytes from 1916
> |<7>| READ: read 5 bytes from 1916
> |<7>| 0000 - 45 52 52 4f 52
> |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
> |<7>| RB: Requested 5 bytes
> |<2>| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:506
> |<4>| REC[9b5be8]: Expected Packet[0] Handshake(22) with length: 1
> |<4>| REC[9b5be8]: Received Packet[0] Unknown Packet(69) with length: 20306
> |<4>| REC[9b5be8]: FATAL ERROR: Received packet with length: 20306

If you decode the received 5 bytes of data, you'll see that it says
'ERROR'.  Thus, the server is not talking TLS any more, but instead sent
you an unencrypted 'ERROR' message.

Presumably the server's TLS library failed, and the server didn't know
what to do.

It would help if you could debug things on the server side as well.

Things to try is to disable all TLS extensions and enable compatibility
hacks.  Try

gnutls-cli --priority NORMAL:%COMPAT

And then disable more things too.

/Simon

More information about the Gnutls-help mailing list