On Freitag, 27. März 2020 09:48:01 CET Werner Koch via Gnupg-users wrote: > That is: "Fatal alert message received" which comes from the TLS > layer. To see the actual cause you need to add > > log-file /some/file > tls-debug 2 > > or a higher level to dirmngr.conf and "gpgconf --reload dirmngr". For > me a > > gpg --locate-external-keys -v [email protected] > > (--locate-external-key is easier to type than yours. It excludes the > local keys and thus always goes out to the WKD) then gives: > > DBG: ntbtls(2): got an alert message, type: [2:40] > DBG: ntbtls(1): is a fatal alert message (msg 40) > DBG: ntbtls(1): (handshake failed) > DBG: ntbtls(1): read_record returned: Fatal alert message received <TLS> > DBG: ntbtls(2): handshake ready > TLS handshake failed: Fatal alert message received <TLS> > error connecting to 'https://openpgpkey.tor[...] > > A reason for the failed handhake might be that no common parameters > could be found.
Probably, no matching cipher suite. According to ssllabs.com/ssltest openpgpkey.torproject.org (well, at least one of the actual servers) only supports the following cipher suites: # TLS 1.3 (server has no preference) TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 # TLS 1.2 (server has no preference) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 I think none of those matches any of those in the output of ntbtls in your message. Regards, Ingo _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
