On 12/24/2013 08:04 AM, Andreas Metzler wrote:
On 2013-12-24 Neil Roeth <n...@debian.org> wrote:
Package: libgnutls28
Version: 3.2.7-3
Severity: important
I use wget in a cron job to connect to a URL and retrieve some
information. After an upgrade from libgnutls28:amd64 3.2.4-4 to
3.2.7-3, an attempt to reach an encrypted site with wget fails with
this error:
GnuTLS: Error in the pull function.
Unable to establish SSL connection.
Reverting to 3.2.4-4 enabled it to connect immediately. Please let
me know if you would like me to generate any particular kind of
debugging output that would help resolve this problem.
[...]
Could you post the URI?
Can you connect with gnutls-cli(-debug)?
tia, cu Andreas
The URI is https://api.dreamhost.com/
This command will illustrate the problem: wget -O- -q
https://api.dreamhost.com/
I get similar behavior with gnutls-cli, it connects with
libgnutls28-3.2.4 and hangs with libgnutls28-3.2.7. Attached are the
two logs.
Thanks.
--
Neil Roeth
# dpkg -i libgnutls28_3.2.4-4_amd64.deb
dpkg: warning: downgrading libgnutls28:amd64 from 3.2.7-3 to 3.2.4-4
(Reading database ... 308240 files and directories currently installed.)
Preparing to unpack libgnutls28_3.2.4-4_amd64.deb ...
Unpacking libgnutls28:amd64 (3.2.4-4) over (3.2.7-3) ...
Setting up libgnutls28:amd64 (3.2.4-4) ...
Processing triggers for libc-bin (2.17-97) ...
# gnutls-cli -d 10 api.dreamhost.com
|<2>| ASSERT: pkcs11.c:425
Processed 165 CA certificate(s).
Resolving 'api.dreamhost.com'...
Connecting to '75.119.208.14:443'...
|<4>| REC[0xd0bab0]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:581
|<4>| REC[0xd0bab0]: Allocating epoch #1
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0xd0bab0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66)
|<3>| EXT[0xd0bab0]: Sending extension STATUS REQUEST (5 bytes)
|<3>| EXT[0xd0bab0]: Sending extension SERVER NAME (22 bytes)
|<3>| EXT[0xd0bab0]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0xd0bab0]: Sending extension SESSION TICKET (0 bytes)
|<3>| EXT[0xd0bab0]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0xd0bab0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| EXT[0xd0bab0]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0xd0bab0]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0xd0bab0]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0xd0bab0]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0xd0bab0]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0xd0bab0]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0xd0bab0]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0xd0bab0]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0xd0bab0]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0xd0bab0]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0xd0bab0]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0xd0bab0]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0xd0bab0]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0xd0bab0]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0xd0bab0]: CLIENT HELLO was queued [227 bytes]
|<7>| HWRITE: enqueued [CLIENT HELLO] 227. Total 227 bytes.
|<7>| HWRITE FLUSH: 227 bytes in buffer.
|<4>| REC[0xd0bab0]: Preparing Packet Handshake(22) with length: 227 and target length: 227
|<9>| ENC[0xd0bab0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 232 bytes for 0x4. Total 232 bytes.
|<4>| REC[0xd0bab0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 232
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 232 bytes in buffer.
|<7>| WRITE: wrote 232 bytes, 0 bytes left.
|<2>| ASSERT: gnutls_buffers.c:1018
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xd0bab0]: SSL 3.1 Handshake packet received. Epoch 0, length: 74
|<4>| REC[0xd0bab0]: Expected Packet Handshake(22)
|<4>| REC[0xd0bab0]: Received Packet Handshake(22) with length: 74
|<7>| READ: Got 74 bytes from 0x4
|<7>| READ: read 74 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 74 bytes.
|<7>| RB: Requested 79 bytes
|<4>| REC[0xd0bab0]: Decrypted Packet[0] Handshake(22) with length: 74
|<6>| BUF[REC]: Inserted 74 bytes of Data(22)
|<3>| HSK[0xd0bab0]: SERVER HELLO (2) was received. Length 70[70], frag offset 0, frag length: 70, sequence: 0
|<3>| HSK[0xd0bab0]: Server's version: 3.1
|<3>| HSK[0xd0bab0]: SessionID length: 32
|<3>| HSK[0xd0bab0]: SessionID: 8602223d7fb25ce241c488de79575726fa82e7699df0ff2d951a630c0d69dbbe
|<3>| HSK[0xd0bab0]: Selected cipher suite: RSA_ARCFOUR_SHA1
|<3>| HSK[0xd0bab0]: Selected compression method: NULL (0)
|<2>| ASSERT: gnutls_extensions.c:166
|<3>| HSK[0xd0bab0]: Allowing unsafe initial negotiation
|<2>| ASSERT: gnutls_buffers.c:1018
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xd0bab0]: SSL 3.1 Handshake packet received. Epoch 0, length: 3685
|<4>| REC[0xd0bab0]: Expected Packet Handshake(22)
|<4>| REC[0xd0bab0]: Received Packet Handshake(22) with length: 3685
|<7>| READ: Got 3685 bytes from 0x4
|<7>| READ: read 3685 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 3685 bytes.
|<7>| RB: Requested 3690 bytes
|<4>| REC[0xd0bab0]: Decrypted Packet[1] Handshake(22) with length: 3685
|<6>| BUF[REC]: Inserted 3685 bytes of Data(22)
|<3>| HSK[0xd0bab0]: CERTIFICATE (11) was received. Length 3681[3681], frag offset 0, frag length: 3681, sequence: 0
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
|<2>| ASSERT: dn.c:239
|<2>| ASSERT: dn.c:239
- subject `OU=Domain Control Validated,OU=Provided by New Dream Network\, LLC,OU=DreamHost Basic Wildcard SSL,CN=*.dreamhost.com', issuer `C=US,O=DREAMHOST CERTIFICATION AUTHORITY,CN=DREAMHOST SSL DOMAIN VALIDATED CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-05-30 00:00:00 UTC', expires `2017-05-30 23:59:59 UTC', SHA-1 fingerprint `7650b4af26600ec7bdfa09a905489afbff740f7b'
Public Key Id:
3921de56b8f3d83ed651249bf2fcd3371ee44fd8
Public key's random art:
+--[ RSA 2048]----+
| |
| . . . |
| . o . = |
| . o =. o . |
| . S + . . |
| . * + oo |
| . o. o.+E|
| .o . oo=|
| ... .o+|
+-----------------+
- Certificate[1] info:
|<2>| ASSERT: dn.c:239
|<2>| ASSERT: dn.c:239
- subject `C=US,O=DREAMHOST CERTIFICATION AUTHORITY,CN=DREAMHOST SSL DOMAIN VALIDATED CA', issuer `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-03-04 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `b6d5ee30f6e89cd9afa141c66ceee71c81d4c56e'
- Certificate[2] info:
|<2>| ASSERT: dn.c:239
|<2>| ASSERT: dn.c:239
- subject `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2005-06-07 08:09:10 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `3d4b2a4c64317143f50258d7e6fd7d3c021a529e'
|<2>| ASSERT: status_request.c:363
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: mpi.c:246
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: mpi.c:246
|<2>| ASSERT: dn.c:991
|<2>| ASSERT: dn.c:991
- Status: The certificate is trusted.
|<2>| ASSERT: gnutls_buffers.c:1018
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xd0bab0]: SSL 3.1 Handshake packet received. Epoch 0, length: 4
|<4>| REC[0xd0bab0]: Expected Packet Handshake(22)
|<4>| REC[0xd0bab0]: Received Packet Handshake(22) with length: 4
|<7>| READ: Got 4 bytes from 0x4
|<7>| READ: read 4 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 4 bytes.
|<7>| RB: Requested 9 bytes
|<4>| REC[0xd0bab0]: Decrypted Packet[2] Handshake(22) with length: 4
|<6>| BUF[REC]: Inserted 4 bytes of Data(22)
|<3>| HSK[0xd0bab0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0
|<2>| ASSERT: gnutls_buffers.c:1010
|<2>| ASSERT: gnutls_buffers.c:1195
|<3>| HSK[0xd0bab0]: CLIENT KEY EXCHANGE was queued [262 bytes]
|<7>| HWRITE: enqueued [CLIENT KEY EXCHANGE] 262. Total 262 bytes.
|<7>| HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 263 bytes.
|<3>| REC[0xd0bab0]: Sent ChangeCipherSpec
|<9>| INT: PREMASTER SECRET[48]: 030398d932da1f52524f928ca1b34dc21ef914483a7edc8d55e1642e521c9d5315cdf54601284e146934066dff71e8c7
|<9>| INT: CLIENT RANDOM[32]: 52ba4aeed40d336c9072e920889a3ad329f58e5a7f23bd79235de6cc5b8f6f83
|<9>| INT: SERVER RANDOM[32]: a0c6a82ce71a5c2167ad719cafac43a007754922ee556ace63c2357728ad019a
|<9>| INT: MASTER SECRET: 8155680ee2b6baf72f086fe591c75d56366dfaa1105c80dc87a04a750503163f1fdc1efaaee104b09e85174a4327318f
|<4>| REC[0xd0bab0]: Initializing epoch #1
|<9>| INT: KEY BLOCK[72]: 4bf8fc5245b61800bf865405cd92dc8427973da9a61279dc791b46f0446812d3
|<9>| INT: CLIENT WRITE KEY [16]: 7248f90497b6f6b9bf0c9d40205d1f7c
|<9>| INT: SERVER WRITE KEY [16]: 530de6fd9b94e6182b7d5304f4de6dea
|<4>| REC[0xd0bab0]: Epoch #1 ready
|<3>| HSK[0xd0bab0]: Cipher Suite: RSA_ARCFOUR_SHA1
|<3>| HSK[0xd0bab0]: Initializing internal [write] cipher sessions
|<3>| HSK[0xd0bab0]: recording tls-unique CB (send)
|<3>| HSK[0xd0bab0]: FINISHED was queued [16 bytes]
|<7>| HWRITE: enqueued [FINISHED] 16. Total 279 bytes.
|<7>| HWRITE FLUSH: 279 bytes in buffer.
|<4>| REC[0xd0bab0]: Preparing Packet Handshake(22) with length: 262 and target length: 262
|<9>| ENC[0xd0bab0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 267 bytes for 0x4. Total 267 bytes.
|<4>| REC[0xd0bab0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 267
|<7>| HWRITE: wrote 1 bytes, 17 bytes left.
|<4>| REC[0xd0bab0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and target length: 1
|<9>| ENC[0xd0bab0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 6 bytes for 0x4. Total 273 bytes.
|<4>| REC[0xd0bab0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
|<7>| HWRITE: wrote 1 bytes, 16 bytes left.
|<4>| REC[0xd0bab0]: Preparing Packet Handshake(22) with length: 16 and target length: 16
|<9>| ENC[0xd0bab0]: cipher: ARCFOUR-128, MAC: SHA1, Epoch: 1
|<2>| ASSERT: mac.c:253
|<7>| WRITE: enqueued 41 bytes for 0x4. Total 314 bytes.
|<4>| REC[0xd0bab0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 41
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 314 bytes in buffer.
|<7>| WRITE: wrote 314 bytes, 0 bytes left.
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xd0bab0]: SSL 3.1 ChangeCipherSpec packet received. Epoch 0, length: 1
|<4>| REC[0xd0bab0]: Expected Packet ChangeCipherSpec(20)
|<4>| REC[0xd0bab0]: Received Packet ChangeCipherSpec(20) with length: 1
|<7>| READ: Got 1 bytes from 0x4
|<7>| READ: read 1 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 1 bytes.
|<7>| RB: Requested 6 bytes
|<4>| REC[0xd0bab0]: Decrypted Packet[3] ChangeCipherSpec(20) with length: 1
|<6>| BUF[REC]: Inserted 1 bytes of Data(20)
|<3>| HSK[0xd0bab0]: Cipher Suite: RSA_ARCFOUR_SHA1
|<2>| ASSERT: gnutls_buffers.c:1018
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0xd0bab0]: SSL 3.1 Handshake packet received. Epoch 0, length: 36
|<4>| REC[0xd0bab0]: Expected Packet Handshake(22)
|<4>| REC[0xd0bab0]: Received Packet Handshake(22) with length: 36
|<7>| READ: Got 36 bytes from 0x4
|<7>| READ: read 36 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 36 bytes.
|<7>| RB: Requested 41 bytes
|<2>| ASSERT: mac.c:253
|<4>| REC[0xd0bab0]: Decrypted Packet[0] Handshake(22) with length: 16
|<6>| BUF[REC]: Inserted 16 bytes of Data(22)
|<3>| HSK[0xd0bab0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
|<4>| REC[0xd0bab0]: Start of epoch cleanup
|<4>| REC[0xd0bab0]: Epoch #0 freed
|<4>| REC[0xd0bab0]: End of epoch cleanup
- Description: (TLS1.0-PKIX)-(RSA)-(ARCFOUR-128)-(SHA1)
- Session ID: 86:02:22:3D:7F:B2:5C:E2:41:C4:88:DE:79:57:57:26:FA:82:E7:69:9D:F0:FF:2D:95:1A:63:0C:0D:69:DB:BE
|<2>| ASSERT: server_name.c:291
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
|<2>| ASSERT: srtp.c:327
|<2>| ASSERT: alpn.c:210
- Handshake was completed
- Simple Client Mode:
^C
# dpkg -i libgnutls28_3.2.7-3_amd64.deb
(Reading database ... 308240 files and directories currently installed.)
Preparing to unpack libgnutls28_3.2.7-3_amd64.deb ...
Unpacking libgnutls28:amd64 (3.2.7-3) over (3.2.4-4) ...
Setting up libgnutls28:amd64 (3.2.7-3) ...
Processing triggers for libc-bin (2.17-97) ...
# gnutls-cli -d 10 api.dreamhost.com
|<2>| ASSERT: pkcs11.c:402
Processed 165 CA certificate(s).
Resolving 'api.dreamhost.com'...
Connecting to '75.119.208.14:443'...
|<4>| REC[0x19b7af0]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:583
|<4>| REC[0x19b7af0]: Allocating epoch #1
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: RSA_ARCFOUR_128_MD5 (00.04)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0x19b7af0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66)
|<3>| EXT[0x19b7af0]: Sending extension STATUS REQUEST (5 bytes)
|<3>| EXT[0x19b7af0]: Sending extension SERVER NAME (22 bytes)
|<3>| EXT[0x19b7af0]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0x19b7af0]: Sending extension SESSION TICKET (0 bytes)
|<3>| EXT[0x19b7af0]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0x19b7af0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| EXT[0x19b7af0]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0x19b7af0]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0x19b7af0]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0x19b7af0]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0x19b7af0]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0x19b7af0]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0x19b7af0]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0x19b7af0]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0x19b7af0]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0x19b7af0]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0x19b7af0]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0x19b7af0]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0x19b7af0]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0x19b7af0]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0x19b7af0]: CLIENT HELLO was queued [275 bytes]
|<7>| HWRITE: enqueued [CLIENT HELLO] 275. Total 275 bytes.
|<7>| HWRITE FLUSH: 275 bytes in buffer.
|<4>| REC[0x19b7af0]: Preparing Packet Handshake(22) with length: 275 and min pad: 0
|<9>| ENC[0x19b7af0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<7>| WRITE: enqueued 280 bytes for 0x4. Total 280 bytes.
|<4>| REC[0x19b7af0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 280
|<7>| HWRITE: wrote 1 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 280 bytes in buffer.
|<7>| WRITE: wrote 280 bytes, 0 bytes left.
|<2>| ASSERT: gnutls_buffers.c:1057
^C
