Bug#633373: TLS Connection Error
Óscar García Amor
ogarcia at moire.org
Sat Jul 9 17:42:38 UTC 2011
Package: libgnutls26
Version: 2.10.5-2
Severity: grave
When I try connect to tls XMPP server as talk.google.com or jabber.org the connection hangs and I cannot connect. I try several console clients and all fails.
When I try connect with gnutls-cli I give:
$ gnutls-cli -d 4 -p 5222 gajim.org
Resolving 'gajim.org'...
Connecting to '88.190.23.192:5222'...
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x2e608]: Sending extension CERT_TYPE
|<2>| EXT[0x2e608]: Sending extension SERVER_NAME
|<2>| EXT[0x2e608]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x2e608]: Sending extension SESSION_TICKET
|<2>| EXT[0x2e608]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x2e608]: CLIENT HELLO was sent [159 bytes]
|<4>| REC[0x2e608]: Sending Packet[0] Handshake(22) with length: 159
|<4>| REC[0x2e608]: Sent Packet[1] Handshake(22) with length: 164
|<2>| ASSERT: gnutls_record.c:507
|<4>| REC[0x2e608]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x2e608]: Received Packet[0] Unknown Packet(60) with length: 28012
|<4>| REC[0x2e608]: FATAL ERROR: Received packet with length: 28012
|<2>| ASSERT: gnutls_record.c:968
|<2>| ASSERT: gnutls_handshake.c:2789
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x2e608]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x2e608]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.
$ gnutls-cli -d 4 -p 5222 talk.google.com
Resolving 'talk.google.com'...
Connecting to '209.85.227.125:5222'...
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x2e608]: Sending extension CERT_TYPE
|<2>| EXT[0x2e608]: Sending extension SERVER_NAME
|<2>| EXT[0x2e608]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x2e608]: Sending extension SESSION_TICKET
|<2>| EXT[0x2e608]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x2e608]: CLIENT HELLO was sent [165 bytes]
|<4>| REC[0x2e608]: Sending Packet[0] Handshake(22) with length: 165
|<4>| REC[0x2e608]: Sent Packet[1] Handshake(22) with length: 170
|<2>| ASSERT: gnutls_record.c:507
|<4>| REC[0x2e608]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x2e608]: Received Packet[0] Unknown Packet(72) with length: 20527
|<4>| REC[0x2e608]: FATAL ERROR: Received packet with length: 20527
|<2>| ASSERT: gnutls_record.c:968
|<2>| ASSERT: gnutls_handshake.c:2789
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x2e608]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x2e608]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.
I think that the fail is in this package.
I'm using Debian testing Wheezy in arm. Linux enigma 2.6.38.8 #1 PREEMPT Tue Jun 14 01:43:26 MDT 2011 armv5tel GNU/Linux
--
Óscar García Amor
Shaman of Systems
Telf: 661.95.70.20
ogarcia at moire.org
More information about the Pkg-gnutls-maint
mailing list