[Pkg-gnutls-maint] Bug#466477: downgrade this bug?

Richard A Nelson cowboy at debian.org
Sat May 3 00:22:07 UTC 2008 

On Fri, 2 May 2008, Simon Josefsson wrote:

>>> We haven't been able to reproduce this.
>>
>> Not surprising, the server is an IBM product, based upon older apache2
>> and openssl (not supporting newer TLS).
>>
>> $ ldapsearch -x -Hldap://bluepages.ibm.com -b '' -sbase
>> '(objectclass=*)' '*'
>
> That server isn't available from here, so I can't test this.

Yes, as mentioned very early in the report chain, this is an internal
server (and in the last, that I can't make available as it isn't mine)

>> $ gnutls-cli -p 636 bluepages.ibm.com
>> Resolving 'bluepages.ibm.com'...
>> Connecting to '9.17.186.253:636'...
>> *** Fatal error: A TLS packet with unexpected length was received.
>> *** Handshake has failed
>> GNUTLS ERROR: A TLS packet with unexpected length was received.
>
> Could you run this with -d 4711 and post the output?

Sure...  Looks like the server is impolite, and just hangs up
on us -- possibly due to the extensions being used (and not supported)

Script started on Sat May  3 00:15:58 2008
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[8073d50]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[8073d50]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[8073d50]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[8073d50]: Sending extension CERT_TYPE
|<2>| EXT[8073d50]: Sending extension SERVER_NAME
|<3>| HSK[8073d50]: CLIENT HELLO was send [114 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[8073d50]: Sending Packet[0] Handshake(22) with length: 114
|<7>| WRITE: Will write 119 bytes to 9.
|<7>| WRITE: wrote 119 bytes to 9. Left 0 bytes. Total 119 bytes.
|<7>| 0000 - 16 03 02 00 72 01 00 00 6e 03 02 48 1b ae c8 9a 
|<7>| 0001 - e2 a8 31 69 21 11 de ce 95 ac 18 11 66 9b c1 e8 
|<7>| 0002 - f2 96 91 15 05 10 06 33 be 21 4a 00 00 24 00 33 
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87 
|<7>| 0004 - 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05 
|<7>| 0005 - 00 04 01 00 00 21 00 09 00 03 02 00 01 00 00 00 
|<7>| 0006 - 16 00 14 00 00 11 62 6c 75 65 70 61 67 65 73 2e 
|<7>| 0007 - 69 62 6d 2e 63 6f 6d 
|<4>| REC[8073d50]: Sent Packet[1] Handshake(22) with length: 119
|<7>| READ: Got 0 bytes from 9
|<7>| READ: read 0 bytes from 9
|<7>| 0000 - 
|<2>| ASSERT: gnutls_buffers.c:638
|<2>| ASSERT: gnutls_record.c:907
|<2>| ASSERT: gnutls_buffers.c:1152
|<2>| ASSERT: gnutls_handshake.c:1021
|<2>| ASSERT: gnutls_handshake.c:2322
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

Script done on Sat May  3 00:16:08 2008

-- 
Rick Nelson
<darkangel> I generally don't use anything that has "experimental" and
             "warning" pasted all over it
<darkangel> no, I'm not that dumb... hehe
<Knghtbrd> ...
* darkangel considers downloading the latest unstable kernel

More information about the Pkg-gnutls-maint mailing list