[gnutls-help] help needed with: Alert(21)

Michael Wohlwend micha-1 at fantasymail.de
Thu Sep 29 12:11:21 CEST 2022 

Hi,

I got a problem with a gnutls client-server connection which breaks after 
sending 64GB of data. Most often less data is send, so the problem was not 
recognized. I'm using the gnutls version in debian bullseye. One computer is 
still running debian stretch, where it doesn't break, but just happily handles 
more than 64 GB, so I think the client side is responsible for closing the 
connection.

I have not that much knowing of the gnutls lib and just turned on debug 
output.

The last lines in the log I'm seeing before the connection breaks are:

gnutls[5]: REC[0x564834690fd0]: SSL 3.3 Application Data packet received. 
Epoch 2, length: 27
gnutls[5]: REC[0x564834690fd0]: Expected Packet Application Data(23)
gnutls[5]: REC[0x564834690fd0]: Received Packet Application Data(23) with 
length: 27
gnutls[10]: READ: Got 27 bytes from 0x564834608640
gnutls[10]: READ: read 27 bytes from 0x564834608640
gnutls[10]: RB: Have 5 bytes into buffer. Adding 27 bytes.
gnutls[10]: RB: Requested 32 bytes
gnutls[5]: REC[0x564834690fd0]: Decrypted Packet[0] Application Data(23) with 
length: 10
gnutls[13]: BUF[REC]: Inserted 10 bytes of Data(23)
gnutls[11]: WRITE FLUSH: 0 bytes in buffer.
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:696
gnutls[5]: REC: Sending Alert[1|0] - Benachrichtigung schließen (notify close)
gnutls[5]: REC[0x564834690fd0]: Preparing Packet Alert(21) with length: 2 and 
min pad: 0
gnutls[9]: ENC[0x564834690fd0]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 2
gnutls[11]: WRITE: enqueued 24 bytes for 0x564834608640. Total 24 bytes.
gnutls[11]: WRITE FLUSH: 24 bytes in buffer.
gnutls[11]: WRITE: wrote 24 bytes, 0 bytes left.
gnutls[5]: REC[0x564834690fd0]: Sent Packet[2] Alert(21) in epoch 2 and 
length: 24
gnutls[10]: READ: Got 0 bytes from 0x564834608640
gnutls[10]: READ: read 0 bytes from 0x564834608640
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:593
gnutls[3]: ASSERT: ../../lib/record.c[recv_headers]:1184
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1310
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1614
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x564834690fd0]: Start of epoch cleanup
gnutls[5]: REC[0x564834690fd0]: End of epoch cleanup
gnutls[5]: REC[0x564834690fd0]: Epoch #2 freed


Doesn't Alert(21) means "Decryption failed" ?  but why, when it works before?

Has something changed between versions 3.5 and 3.7 which explains that 64G 
border?

Thanks for helping,
 Michael

More information about the Gnutls-help mailing list