On 2011-04-16 Gustavo Noronha Silva <k...@debian.org> wrote: > Package: libgnutls26 > Version: 2.12.2-1 [...] > I've been seeing this problem mostly in Epiphany - the web page > renders with the layout totally broken because the CSS failed to > download because of this issue. Some big sites like github.com are > affected. [...] > The reason reported is 'Peer failed to perform TLS handshake'. Here's > a test with gnutls-cli:
> kov@goiaba:~$ gnutls-cli d3nwyuy0nl342s.cloudfront.net > Resolving 'd3nwyuy0nl342s.cloudfront.net'... > Connecting to '204.246.175.60:443'... > *** Fatal error: A TLS fatal alert has been received. > *** Received alert [40]: Handshake failed > *** Handshake has failed > GnuTLS error: A TLS fatal alert has been received. [...] > ii libgcrypt11 1.5.0~beta1-1 LGPL Crypto library - runtime > libr [...] Hello, thank you for taking the time to test the packages in experimental. I can reproduce the bug. For clarification it is not caused by libgcrypt11 from experimental, libgnutls26 2.12.2-1 with stable libgcrypt11 also fails. Attached verbose log is not a lot more enlightening. cu andreas
|<4>| REC[0x9ddaf60]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:695 |<4>| REC[0x9ddaf60]: Allocating epoch #1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9ddaf60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<2>| EXT[0x9ddaf60]: Sending extension CERT TYPE (3 bytes) |<2>| EXT[0x9ddaf60]: Sending extension SERVER NAME (34 bytes) |<2>| EXT[0x9ddaf60]: Sending extension SAFE RENEGOTIATION (1 bytes) |<2>| EXT[0x9ddaf60]: Sending extension SESSION TICKET (0 bytes) |<2>| EXT[SIGA]: sent signature algo (4.2) DSA-SHA256 |<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256 |<2>| EXT[SIGA]: sent signature algo (2.1) RSA-SHA1 |<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1 |<2>| EXT[0x9ddaf60]: Sending extension SIGNATURE ALGORITHMS (10 bytes) |<3>| HSK[0x9ddaf60]: CLIENT HELLO was sent [159 bytes] |<6>| BUF[HSK]: Inserted 159 bytes of Data |<7>| HWRITE: enqueued 159. Total 159 bytes. |<7>| HWRITE FLUSH: 159 bytes in buffer. |<4>| REC[0x9ddaf60]: Sending Packet[0] Handshake(22) with length: 159 |<7>| WRITE: enqueued 164 bytes for 0x4. Total 164 bytes. |<4>| REC[0x9ddaf60]: Sent Packet[1] Handshake(22) with length: 164 |<7>| HWRITE: wrote 159 bytes, 0 bytes left. |<7>| WRITE FLUSH: 164 bytes in buffer. |<7>| WRITE: wrote 164 bytes, 0 bytes left. |<7>| READ: Got 5 bytes from 0x4 |<7>| READ: read 5 bytes from 0x4 |<7>| RB: Have 0 bytes into buffer. Adding 5 bytes. |<7>| RB: Requested 5 bytes |<4>| REC[0x9ddaf60]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[0x9ddaf60]: Received Packet[0] Alert(21) with length: 2 |<7>| READ: Got 2 bytes from 0x4 |<7>| READ: read 2 bytes from 0x4 |<7>| RB: Have 5 bytes into buffer. Adding 2 bytes. |<7>| RB: Requested 7 bytes |<4>| REC[0x9ddaf60]: Decrypted Packet[0] Alert(21) with length: 2 |<4>| REC[0x9ddaf60]: Alert[2|40] - Handshake failed - was received |<2>| ASSERT: gnutls_record.c:726 |<2>| ASSERT: gnutls_record.c:1122 |<2>| ASSERT: gnutls_handshake.c:2761 |<6>| BUF[HSK]: Cleared Data from buffer *** Fatal error: A TLS fatal alert has been received. |<4>| REC: Sending Alert[2|80] - Internal error |<4>| REC[0x9ddaf60]: Sending Packet[1] Alert(21) with length: 2 |<7>| WRITE: enqueued 7 bytes for 0x4. Total 7 bytes. |<7>| WRITE FLUSH: 7 bytes in buffer. |<7>| WRITE: wrote 7 bytes, 0 bytes left. |<4>| REC[0x9ddaf60]: Sent Packet[2] Alert(21) with length: 7 *** Handshake has failed GnuTLS error: A TLS fatal alert has been received. |<6>| BUF[HSK]: Cleared Data from buffer |<4>| REC[0x9ddaf60]: Epoch #0 freed |<4>| REC[0x9ddaf60]: Epoch #1 freed Resolving 'd3nwyuy0nl342s.cloudfront.net'... Connecting to '216.137.61.145:443'... *** Received alert [40]: Handshake failed
