Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2285216840


Sort of - here is a summary of the tcpdump - note that since I am on the internal 
network now I have replaced the IPs with client/server below and I am unable to 
share the full pcap file(s) for this reason. 

But of course you can also run the gnutls-cli client along with tcpdump on your end 
and compare with what happens using other clients.

I ran twice, once with gnutls-cli and once with curl www.sapience.com/sitemap.xml.
The first difference is at step 6, where the server issues an HRR to gnutls while for 
curl it replies with 'Server Hello'.

Within that client hello packet curl is sending key_share X25519 while gnutls 
sends 'secp256r1, x25519'.

There are other differences too. My apologies for not being able to share more 
but you can get a pcap on your client side too, though more work for you - 
sorry.

This is the summary of gnutls:

```
No  Time        Source  Dest    Proto    Length  Info
------------------------------------------------------------
1   0.000000    client  server  TCP      74      50170 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=644306766 TSecr=0 WS=128
2   0.002485    server  client  TCP      74      443 → 50170 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM TSval=1428335904 TSecr=644306766 WS=128
3   0.002526    client  server  TCP      66      50170 → 443 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=644306769 TSecr=1428335904
4   0.002931    client  server  TLSv1.3  464     Client Hello (SNI=www.sapience.com)
5   0.004983    server  client  TCP      66      443 → 50170 [ACK] Seq=1 Ack=399 Win=64768 Len=0 TSval=1428335907 TSecr=644306769
6   0.005294    server  client  TLSv1.3  159     Hello Retry Request
7   0.005295    server  client  TLSv1.3  72      Change Cipher Spec
8   0.005325    client  server  TCP      66      50170 → 443 [ACK] Seq=399 Ack=94 Win=64256 Len=0 TSval=644306771 TSecr=1428335907
9   0.005346    client  server  TCP      66      50170 → 443 [ACK] Seq=399 Ack=100 Win=64256 Len=0 TSval=644306772 TSecr=1428335907
10  0.005561    client  server  TLSv1.3  395     Client Hello (SNI=www.sapience.com)
11  0.008015    server  client  TLSv1.3  73      Alert (Level: Fatal, Description: Illegal Parameter)
12  0.008017    server  client  TCP      66      443 → 50170 [FIN, ACK] Seq=107 Ack=728 Win=64512 Len=0 TSval=1428335910 TSecr=644306772
13  0.008122    client  server  TCP      66      50170 → 443 [FIN, ACK] Seq=728 Ack=108 Win=64256 Len=0 TSval=644306774 TSecr=1428335910
14  0.009992    server  client  TCP      66      443 → 50170 [ACK] Seq=108 Ack=729 Win=64512 Len=0 TSval=1428335912 TSecr=644306774
```



_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
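
An added example, not part of the message above and not code from GnuTLS or curl: a Python parser that lists the groups a ClientHello offers in its key_share extension, so the hellos of two clients can be compared when the pcap itself cannot be shared. It takes the handshake message bytes starting at the msg_type byte; `build_hello` and the two sample hellos are constructed for illustration, with zero-filled keys.

```python
import struct

# IANA "TLS Supported Groups" code points (subset relevant to this thread)
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

def _u16(buf, pos):
    return struct.unpack_from("!H", buf, pos)[0]

def key_share_groups(hello: bytes) -> list:
    """Groups offered in key_share by a ClientHello handshake message
    (bytes start at the handshake msg_type, i.e. after the record header)."""
    if hello[0] != 1:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                  # handshake header, legacy_version, random
    pos += 1 + hello[pos]             # legacy_session_id
    pos += 2 + _u16(hello, pos)       # cipher_suites
    pos += 1 + hello[pos]             # legacy_compression_methods
    end = pos + 2 + _u16(hello, pos)  # end of the extensions block
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        body = hello[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 51:            # 51 = key_share
            continue
        groups, p = [], 2             # skip the client_shares length field
        while p + 4 <= len(body):
            group, key_len = struct.unpack_from("!HH", body, p)
            groups.append(GROUPS.get(group, hex(group)))
            p += 4 + key_len
        return groups
    return []

def build_hello(shares):
    """Constructed ClientHello carrying only a key_share extension with
    zero-filled keys; shares is a list of (group id, key length)."""
    entries = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in shares)
    ext = struct.pack("!HHH", 51, len(entries) + 2, len(entries)) + entries
    body = (b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"  # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed samples mirroring the two key_share lists described in the message
GNUTLS_LIKE = build_hello([(0x0017, 65), (0x001D, 32)])
CURL_LIKE = build_hello([(0x001D, 32)])
```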