On Thu, Mar 13, 2025 at 08:36:08PM +0100, Alvar Penning wrote:
> Hi ports,
> Hi Antoine,
>
> After upgrading gnutls on a current system to its latest release and
> restarting a daemon using GnuTLS to serve a TLS server, I experienced
> rejected connections with "error -24 Decryption has failed."
>
> To be precise, I am using a WeeChat Relay with TLS transport encryption,
> which worked fine until updating WeeChat to its latest release and
> GnuTLS as well. The now failing function is gnutls_handshake(3).
>
> Setting GNUTLS_DEBUG_LEVEL exposed lots of errors, starting with some
> generic TLS 1.3 issues. After fiddling with "openssl s_client" to start
> a TLS 1.2 session, it manually worked. Later I altered GnuTLS' priority
> string to disallow TLS 1.2, but now it failed due to some ciphers.
>
> This issue is not related to WeeChat, as gnutls-serv(1) shows. This tool
> comes with GnuTLS and has, for example, a built-in HTTPS server. While
> creating the certificates and starting the server still works,
> establishing a TLS connection now becomes tricky.
>
> $ gnutls-serv \
>     --http \
>     --x509cafile x509-ca.pem \
>     --x509keyfile x509-server-key.pem \
>     --x509certfile x509-server.pem \
>     --priority SECURE256:-VERS-TLS1.3 \
>     -d 9999 2> out
>
> While using openssl s_client or curl works, trying Firefox results in
> the same error I am experiencing with WeeChat when using the Android
> companion app.
>
> For example, the debug log contains multiple ASSERT messages:
>
> > |<5>| REC[0xba132f88000]: SSL 3.3 Handshake packet received. Epoch 1,
> > length: 32
> > |<5>| REC[0xba132f88000]: Expected Packet Handshake(22)
> > |<5>| REC[0xba132f88000]: Received Packet Handshake(22) with length: 32
> > |<10>| READ: Got 32 bytes from 0x5
> > |<10>| READ: read 32 bytes from 0x5
> > |<10>| RB: Have 5 bytes into buffer. Adding 32 bytes.
> > |<10>| RB: Requested 37 bytes
> > |<3>| ASSERT: cipher.c[wrap_nettle_cipher_aead_decrypt]:1513
> > |<3>| ASSERT: cipher.c[decrypt_packet]:614
> > |<3>| ASSERT: cipher.c[_gnutls_decrypt]:138
> > |<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1464
> > |<0xba132f88000>| Discarded message[0] due to invalid decryption

Hi.

I cannot reproduce this on current at least. I tried with chromium and
firefox using an LE certificate and key.

> Just to make sure, I have installed gnutls on an OpenBSD 7.6 server and
> redid the experiment. There, no such issues happened and Firefox was
> able to serve the example page via HTTPS (after ignoring cert warnings).
>
> I am a bit puzzled if this is a GnuTLS error or more likely due to some
> OpenBSD specifics. If anyone has some ideas or knows where to look
> closer, I am grateful. Thanks!
>
> Best,
> Alvar
>
> [0]: https://gnutls.org/manual/html_node/gnutls_002dserv-Invocation.html
>

--
Antoine