Bug#1068644: gnutls-bin: "Fatal error: The encryption algorithm is not supported" appeared with 3.8.5 upgrade
Sanjoy Mahajan
sanjoy at mit.edu
Mon Apr 8 12:43:55 BST 2024
Package: gnutls-bin
Version: 3.8.5-1
Severity: normal
X-Debbugs-Cc: none, Sanjoy Mahajan <sanjoy at mit.edu>
File: /usr/bin/gnutls-cli
After dist-upgrading today, exim4 could no longer talk to my usual
outgoing mail server. I reproduced the problem using just gnutls-cli.
The problem started after today's upgrade of the various gnutls
packages. They were upgraded from 3.8.4-2 to 3.8.5-1.
The following command with the given input lines reproduces the problem:
$ gnutls-cli -V -d 9 --starttls --crlf --port 587 -V outgoing.mit.edu
EHLO randomhost
STARTTLS
ctrl-D [to send EOF]
It fails with "*** Fatal error: The encryption algorithm is not supported."
(I haven't tried it with other outgoing servers, but this one definitely
shows the problem.)
The problem goes away after downgrading the relevant packages to 3.8.4-2:
# apt install gnutls-bin=3.8.4-2 gnutls-doc=3.8.4-2 libgnutls-dane0t64=3.8.4-2 libgnutls-openssl27t64=3.8.4-2 libgnutls28-dev=3.8.4-2 libgnutls30t64=3.8.4-2
(My sources.list includes the snapshots repos
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main
deb-src [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main
)
The lines around the fatal error message with 3.8.5-1 are:
|<4>| HSK[0x5632451d5260]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1130
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1374
|<3>| ASSERT: ../../../lib/nettle/pk.c[_wrap_nettle_pk_encrypt]:773
|<3>| ASSERT: ../../../lib/auth/rsa.c[_gnutls_gen_rsa_client_kx]:288
|<3>| ASSERT: ../../lib/kx.c[_gnutls_send_client_kx_message]:379
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3183
*** Fatal error: The encryption algorithm is not supported.
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x5632451d5260]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<9>| ENC[0x5632451d5260]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<5>| REC[0x5632451d5260]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
|<5>| REC[0x5632451d5260]: Start of epoch cleanup
|<5>| REC[0x5632451d5260]: End of epoch cleanup
|<5>| REC[0x5632451d5260]: Epoch #0 freed
|<5>| REC[0x5632451d5260]: Epoch #1 freed
I've kept my packages at 3.8.4-2 for now, but I can do more debug tests
if needed (by upgrading, testing, and downgrading).
-Sanjoy
-- System Information:
Debian Release: sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnutls-bin depends on:
ii libc6 2.37-15.1
ii libgnutls-dane0t64 3.8.5-1
ii libgnutls30t64 3.8.5-1
ii libtasn1-6 4.19.0-3+b2
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information
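
Added example (not part of the original report and not GnuTLS code): a small Python helper that pulls the run of ASSERT lines, the fatal error and the alert out of `gnutls-cli -d` output such as the excerpt quoted in the report. The sample lines are constructed from that excerpt; the name `triage` and the result fields are assumptions of this example.

```python
import posixpath
import re

# Constructed sample, shaped like the gnutls-cli -d 9 excerpt in the report.
SAMPLE = """\
|<4>| HSK[0x5632451d5260]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1130
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1374
|<3>| ASSERT: ../../../lib/nettle/pk.c[_wrap_nettle_pk_encrypt]:773
|<3>| ASSERT: ../../../lib/auth/rsa.c[_gnutls_gen_rsa_client_kx]:288
|<3>| ASSERT: ../../lib/kx.c[_gnutls_send_client_kx_message]:379
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3183
*** Fatal error: The encryption algorithm is not supported.
|<5>| REC: Sending Alert[2|80] - Internal error
*** Handshake has failed
"""

ASSERT_RE = re.compile(r"^\|<\d+>\| ASSERT: ([^\[\s]+)\[(\w+)\]:(\d+)$")
FATAL_RE = re.compile(r"^\*\*\* Fatal error: (.+)$")
ALERT_RE = re.compile(r"^\|<\d+>\| REC: Sending Alert\[(\d+)\|(\d+)\] - (.+)$")


def triage(log_text):
    """Return the first fatal error, the ASSERT run logged just before it, and the alert sent."""
    frames, result = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if result is None:
            m = ASSERT_RE.match(line)
            if m:  # (source file, function, line number), kept in log order
                frames.append((posixpath.basename(m.group(1)), m.group(2), int(m.group(3))))
                continue
            m = FATAL_RE.match(line)
            if m:
                result = {"error": m.group(1), "frames": frames, "alert": None}
            else:
                frames = []  # any other line ends the current run of ASSERTs
        else:
            m = ALERT_RE.match(line)
            if m:  # (alert level, alert description code, GnuTLS's text for it)
                result["alert"] = (int(m.group(1)), int(m.group(2)), m.group(3))
                break
    return result  # None when the log has no "*** Fatal error" line


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["error"], report["alert"], report["frames"])
```

Run over the excerpt, the ASSERT run passes through `_wrap_nettle_pk_encrypt` and `_gnutls_gen_rsa_client_kx` before `handshake_client` reports the error, and the alert sent is level 2, description 80.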