Your message dated Sat, 9 Jul 2011 19:57:58 +0200
with message-id <[email protected]>
and subject line Re: Bug#633373: TLS Connection Error
has caused the Debian Bug report #633373,
regarding TLS Connection Error
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
633373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633373
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls26
Version: 2.10.5-2

Severity: grave

When I try connect to tls XMPP server as talk.google.com or jabber.org the 
connection hangs and I cannot connect. I try several console clients and all 
fails.

When I try connect with gnutls-cli I give:

$ gnutls-cli -d 4 -p 5222 gajim.org
Resolving 'gajim.org'...
Connecting to '88.190.23.192:5222'...
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x2e608]: Sending extension CERT_TYPE
|<2>| EXT[0x2e608]: Sending extension SERVER_NAME
|<2>| EXT[0x2e608]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x2e608]: Sending extension SESSION_TICKET
|<2>| EXT[0x2e608]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x2e608]: CLIENT HELLO was sent [159 bytes]
|<4>| REC[0x2e608]: Sending Packet[0] Handshake(22) with length: 159
|<4>| REC[0x2e608]: Sent Packet[1] Handshake(22) with length: 164
|<2>| ASSERT: gnutls_record.c:507
|<4>| REC[0x2e608]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x2e608]: Received Packet[0] Unknown Packet(60) with length: 28012
|<4>| REC[0x2e608]: FATAL ERROR: Received packet with length: 28012
|<2>| ASSERT: gnutls_record.c:968
|<2>| ASSERT: gnutls_handshake.c:2789
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x2e608]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x2e608]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

 
$ gnutls-cli -d 4 -p 5222 talk.google.com
Resolving 'talk.google.com'...
Connecting to '209.85.227.125:5222'...
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x2e608]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x2e608]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x2e608]: Sending extension CERT_TYPE
|<2>| EXT[0x2e608]: Sending extension SERVER_NAME
|<2>| EXT[0x2e608]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x2e608]: Sending extension SESSION_TICKET
|<2>| EXT[0x2e608]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x2e608]: CLIENT HELLO was sent [165 bytes]
|<4>| REC[0x2e608]: Sending Packet[0] Handshake(22) with length: 165
|<4>| REC[0x2e608]: Sent Packet[1] Handshake(22) with length: 170
|<2>| ASSERT: gnutls_record.c:507
|<4>| REC[0x2e608]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x2e608]: Received Packet[0] Unknown Packet(72) with length: 20527
|<4>| REC[0x2e608]: FATAL ERROR: Received packet with length: 20527
|<2>| ASSERT: gnutls_record.c:968
|<2>| ASSERT: gnutls_handshake.c:2789
*** Fatal error: A TLS packet with unexpected length was received.
|<4>| REC: Sending Alert[2|22] - Record overflow
|<4>| REC[0x2e608]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x2e608]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.


I think that the fail is in this package.

I'm using Debian testing Wheezy in arm. Linux enigma 2.6.38.8 #1 PREEMPT Tue 
Jun 14 01:43:26 MDT 2011 armv5tel GNU/Linux

--
Óscar García Amor
Shaman of Systems
Telf: 661.95.70.20
[email protected]


--- End Message ---
--- Begin Message ---
On 2011-07-09 Óscar García Amor <[email protected]> wrote:
> Package: libgnutls26
> Version: 2.10.5-2

> Severity: grave

> When I try connect to tls XMPP server as talk.google.com or jabber.org the 
> connection hangs and I cannot connect. I try several console clients and all 
> fails.

> When I try connect with gnutls-cli I give:

> $ gnutls-cli -d 4 -p 5222 gajim.org
[...]
> I think that the fail is in this package.
[...]

Afaiui rfc3920 XMPP does not use TLS on connect but a plaintext
connection followed by a starttls command.
http://xmpp.org/rfcs/rfc3920.html#rfc.section.5.3

You can do this with gnutls-cli by using the -s option and typing
<Ctrl>-d at the correct moment to initiate TLS negotiation.

cu andreas


--- End Message ---

Reply via email to