[Pkg-gnutls-maint] Bug#466477: downgrade this bug?

Richard A Nelson cowboy at debian.org
Sun May 4 02:20:08 UTC 2008 

On Sat, 3 May 2008, Simon Josefsson wrote:

> Yes, it is a hard disconnect, it doesn't even respond to the client
> hello, which is quite nasty.  Could you try adding --disable-extensions
> to see if that works?

adding --disable-extensions didn't help, nor did it disable all
extensions

> Did this bug start to appear with more recent gnutls versions?  Or have
> you always seen it with this server, regardless of gnutls version?

Hard to say when it started, it may have always been there, I ran into
it when Debian moved the ldap packages from openssl to gnutls

My understanding is that these servers support ssl1-3, but not tls -
and forcing sslv3 does work; but you can't do that from ldap/slapd.

Script started on Sun 04 May 2008 02:15:12 AM UTC
sh-3.2# gnutls-cli  -d 4711 --disable-extensions -p 636 bluepages.ibm.com
Resolving 'bluepages.ibm.com'...
Connecting to '9.17.186.253:636'...
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[21ed970]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[21ed970]: Sending extension CERT_TYPE
|<3>| HSK[21ed970]: CLIENT HELLO was send [88 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[21ed970]: Sending Packet[0] Handshake(22) with length: 88
|<7>| WRITE: Will write 93 bytes to 4.
|<7>| WRITE: wrote 93 bytes to 4. Left 0 bytes. Total 93 bytes.
|<7>| 0000 - 16 03 02 00 58 01 00 00 54 03 02 48 1d 1c 3d 72 
|<7>| 0001 - 51 9b 21 d6 33 d7 48 5f da 86 09 74 97 7a 4d 2f 
|<7>| 0002 - 2a 75 71 14 54 d3 ad bc 08 92 1f 00 00 24 00 33 
|<7>| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87 
|<7>| 0004 - 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05 
|<7>| 0005 - 00 04 01 00 00 07 00 09 00 03 02 00 01 
|<4>| REC[21ed970]: Sent Packet[1] Handshake(22) with length: 93
|<7>| READ: Got 0 bytes from 4
|<7>| READ: read 0 bytes from 4
|<7>| 0000 - 
|<2>| ASSERT: gnutls_buffers.c:638
|<2>| ASSERT: gnutls_record.c:907
|<2>| ASSERT: gnutls_buffers.c:1152
|<2>| ASSERT: gnutls_handshake.c:1021
|<2>| ASSERT: gnutls_handshake.c:2322
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
sh-3.2# exit

Script done on Sun 04 May 2008 02:15:26 AM UTC

-- 
Rick Nelson
Why use Windows, since there is a door?
(By fachat at galileo.rhein-neckar.de, Andre Fachat)

More information about the Pkg-gnutls-maint mailing list