Package: libgnutls30 Version: 3.7.2-2 Severity: normal $ gnutls-cli --priority 'NORMAL:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-SECP521R1' fxtop.com Processed 138 CA certificate(s). Resolving 'fxtop.com:443'... Connecting to '5.39.68.178:443'... *** Fatal error: An illegal parameter has been received.
$ openssl s_client -curves X25519 -connect fxtop.com:443 CONNECTED(00000003) (... snip ...) --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- (... snip ...) I attach a pcapng of network corresponding traffic. The same is reproducible with www.collaboraoffice.com instead of fxtop.com Note, though (not included in pcapng file): $ gnutls-cli --priority 'NORMAL:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-SECP521R1:-GROUP-X25519' fxtop.com (...) Resolving 'fxtop.com:443'... Connecting to '5.39.68.178:443'... (...) - Description: (TLS1.3)-(ECDHE-X448)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) -- System Information: Debian Release: 10.10 APT prefers oldstable APT policy: (600, 'oldstable'), (500, 'oldstable-updates'), (400, 'testing'), (300, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.7.0-1-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgnutls30 depends on: ii libc6 2.31-13 ii libgmp10 2:6.1.2+dfsg-4 ii libhogweed6 3.7.3-1 ii libidn2-0 2.0.5-1+deb10u1 ii libnettle8 3.7.3-1 ii libp11-kit0 0.23.22-1 ii libtasn1-6 4.16.0-2 ii libunistring2 0.9.10-1 libgnutls30 recommends no packages. Versions of packages libgnutls30 suggests: ii gnutls-bin 3.6.7-4+deb10u7 -- no debconf information -- Lionel Mamane Tél: +352 46 67 74 Fax: +352 46 67 76 This message and any attachments may be intended to be confidential, intended solely for the addressee and/or contain legally privileged information. Any unauthorised use or dissemination is prohibited. Unless cryptographically protected, emails are susceptible to interception, alteration and spoofing, so in case of doubt, please check by independent means. We do not make any commitment by email, ever; if this emails appears to contain a commitment, we will not recognise the latter as valid, nor as engaging our liability. We make commitments only by a written paper document signed by at least one person entitled to engage our liability.
gnutls_openssl_x25519.pcapng
Description: Binary data