Bug#841723: libgnutls30: Can't send mails with STARTTLS per exim

bs.net bs.net at gmx.de
Tue Oct 25 20:00:59 UTC 2016 

> Great. Is this a server accessible from the internet, can you post the
> DNS name? Or can you at least provide gnutls-cli debugging output?

The server isn't public available via internet.

Debugging output added instead.

cu Sascha
-------------- next part --------------
|<5>| REC[0x16cb080]: Allocating epoch #0
Processed 174 CA certificate(s).
Resolving '<shost>'...
Connecting to '<sip>:587'...

- Simple Client Mode:

*** Starting TLS handshake
|<3>| ASSERT: gnutls_constate.c:586
|<5>| REC[0x16cb080]: Allocating epoch #1
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<4>| HSK[0x16cb080]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66)
|<4>| EXT[0x16cb080]: Sending extension STATUS REQUEST (5 bytes)
|<4>| EXT[0x16cb080]: Sending extension SERVER NAME (20 bytes)
|<4>| EXT[0x16cb080]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<4>| EXT[0x16cb080]: Sending extension SESSION TICKET (0 bytes)
|<4>| EXT[0x16cb080]: Sending extension SUPPORTED ECC (12 bytes)
|<4>| EXT[0x16cb080]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<4>| EXT[0x16cb080]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x16cb080]: sent signature algo (4.2) DSA-SHA256
|<4>| EXT[0x16cb080]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x16cb080]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x16cb080]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x16cb080]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x16cb080]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x16cb080]: sent signature algo (3.1) RSA-SHA224
|<4>| EXT[0x16cb080]: sent signature algo (3.2) DSA-SHA224
|<4>| EXT[0x16cb080]: sent signature algo (3.3) ECDSA-SHA224
|<4>| EXT[0x16cb080]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x16cb080]: sent signature algo (2.2) DSA-SHA1
|<4>| EXT[0x16cb080]: sent signature algo (2.3) ECDSA-SHA1
|<4>| EXT[0x16cb080]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<4>| HSK[0x16cb080]: CLIENT HELLO was queued [273 bytes]
|<11>| HWRITE: enqueued [CLIENT HELLO] 273. Total 273 bytes.
|<11>| HWRITE FLUSH: 273 bytes in buffer.
|<5>| REC[0x16cb080]: Preparing Packet Handshake(22) with length: 273 and min pad: 0
|<9>| ENC[0x16cb080]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 278 bytes for 0x4. Total 278 bytes.
|<5>| REC[0x16cb080]: Sent Packet[1] Handshake(22) in epoch 0 and length: 278
|<11>| HWRITE: wrote 1 bytes, 0 bytes left.
|<11>| WRITE FLUSH: 278 bytes in buffer.
|<11>| WRITE: wrote 278 bytes, 0 bytes left.
|<3>| ASSERT: gnutls_buffers.c:1104
|<10>| READ: Got 5 bytes from 0x4
|<10>| READ: read 5 bytes from 0x4
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x16cb080]: SSL 53.52 Unknown Packet packet received. Epoch 0, length: 8275
|<3>| ASSERT: gnutls_record.c:598
|<1>| Received record packet of unknown type 53
|<3>| ASSERT: gnutls_record.c:1102
|<3>| ASSERT: gnutls_record.c:1185
|<3>| ASSERT: gnutls_buffers.c:1355
|<3>| ASSERT: gnutls_handshake.c:1428
|<3>| ASSERT: gnutls_handshake.c:2699
*** Fatal error: An unexpected TLS packet was received.
|<5>| REC: Sending Alert[2|10] - Unexpected message
|<5>| REC[0x16cb080]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0x16cb080]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<11>| WRITE: enqueued 7 bytes for 0x4. Total 7 bytes.
|<11>| WRITE FLUSH: 7 bytes in buffer.
|<11>| WRITE: wrote 7 bytes, 0 bytes left.
|<5>| REC[0x16cb080]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed

More information about the Pkg-gnutls-maint mailing list