bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#23311: TLS handshake error

From: Ludovic Courtès
Subject: bug#23311: TLS handshake error
Date: Tue, 19 Apr 2016 00:29:50 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
Sometimes, TLS handshakes fail in strange ways (the following happens
after a dozen of iterations; I’ve enabled GnuTLS debugging in (guix
build download) here):

--8<---------------cut here---------------start------------->8---
$ while ./pre-inst-env guix download https://mirror.hydra.gnu.org/index.html ; 
do : ; done

[...]

Starting download of /tmp/guix-file.4axVhT
>From https://mirror.hydra.gnu.org/index.html...
gnutls: [2565|3] ASSERT: gnutls_constate.c:588
gnutls: [2565|5] REC[0x1d98bd0]: Allocating epoch #1
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM 
(C0.9C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM 
(C0.9D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension EXT MASTER SECRET (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension STATUS REQUEST (5 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SERVER NAME (25 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SESSION TICKET (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SUPPORTED ECC (12 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SUPPORTED ECC POINT FORMATS 
(2 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (4.1) RSA-SHA256
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (4.3) ECDSA-SHA256
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (5.1) RSA-SHA384
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (5.3) ECDSA-SHA384
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (6.1) RSA-SHA512
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (6.3) ECDSA-SHA512
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (3.1) RSA-SHA224
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (3.3) ECDSA-SHA224
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (2.1) RSA-SHA1
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (2.3) ECDSA-SHA1
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SIGNATURE ALGORITHMS (22 
bytes)
gnutls: [2565|4] HSK[0x1d98bd0]: CLIENT HELLO was queued [256 bytes]
gnutls: [2565|5] REC[0x1d98bd0]: Preparing Packet Handshake(22) with length: 
256 and min pad: 0
gnutls: [2565|9] ENC[0x1d98bd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2565|5] REC[0x1d98bd0]: Sent Packet[1] Handshake(22) in epoch 0 and 
length: 261
gnutls: [2565|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2565|10] READ: Got 0 bytes from 0xd
gnutls: [2565|10] READ: read 0 bytes from 0xd
gnutls: [2565|3] ASSERT: gnutls_buffers.c:592
gnutls: [2565|3] ASSERT: gnutls_record.c:1038
gnutls: [2565|3] ASSERT: gnutls_record.c:1158
gnutls: [2565|3] ASSERT: gnutls_buffers.c:1409
gnutls: [2565|3] ASSERT: gnutls_handshake.c:1446
gnutls: [2565|3] ASSERT: gnutls_handshake.c:2757
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum La 
TLS-konekto estis finigita neĝuste.> handshake)'.
failed to download "/tmp/guix-file.4axVhT" from 
"https://mirror.hydra.gnu.org/index.html";
guix download: error: https://mirror.hydra.gnu.org/index.html: download failed
$ guix package -I gnutls
gnutls  3.4.7   out     /gnu/store/k1bihwrvcrhjwpxg74d93w9dwsldrvap-gnutls-3.4.7
$ git describe
v0.10.0-298-g4f8cede
--8<---------------cut here---------------end--------------->8---

For reference, the successful handshakes look like this:

--8<---------------cut here---------------start------------->8---
Starting download of /tmp/guix-file.VSDV7l
>From https://mirror.hydra.gnu.org/index.html...
gnutls: [2557|3] ASSERT: gnutls_constate.c:588
gnutls: [2557|5] REC[0x222ebd0]: Allocating epoch #1
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM 
(C0.9C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM 
(C0.9D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: 
GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension EXT MASTER SECRET (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension STATUS REQUEST (5 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SERVER NAME (25 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SESSION TICKET (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SUPPORTED ECC (12 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SUPPORTED ECC POINT FORMATS 
(2 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (4.1) RSA-SHA256
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (4.3) ECDSA-SHA256
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (5.1) RSA-SHA384
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (5.3) ECDSA-SHA384
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (6.1) RSA-SHA512
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (6.3) ECDSA-SHA512
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (3.1) RSA-SHA224
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (3.3) ECDSA-SHA224
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (2.1) RSA-SHA1
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (2.3) ECDSA-SHA1
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SIGNATURE ALGORITHMS (22 
bytes)
gnutls: [2557|4] HSK[0x222ebd0]: CLIENT HELLO was queued [256 bytes]
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 
256 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[1] Handshake(22) in epoch 0 and 
length: 261
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, 
length: 61
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 61
gnutls: [2557|10] READ: Got 61 bytes from 0xd
gnutls: [2557|10] READ: read 61 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 61 bytes.
gnutls: [2557|10] RB: Requested 66 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[0] Handshake(22) with length: 
61
gnutls: [2557|4] HSK[0x222ebd0]: SERVER HELLO (2) was received. Length 57[57], 
frag offset 0, frag length: 57, sequence: 0
gnutls: [2557|4] HSK[0x222ebd0]: Server's version: 3.3
gnutls: [2557|4] HSK[0x222ebd0]: SessionID length: 0
gnutls: [2557|4] HSK[0x222ebd0]: SessionID: c0
gnutls: [2557|4] HSK[0x222ebd0]: Selected cipher suite: 
ECDHE_RSA_AES_128_GCM_SHA256
gnutls: [2557|4] HSK[0x222ebd0]: Selected compression method: NULL (0)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SAFE RENEGOTIATION/65281' 
(1 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SUPPORTED ECC POINT 
FORMATS/11' (4 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SESSION TICKET/35' (0 bytes)
gnutls: [2557|4] HSK[0x222ebd0]: Safe renegotiation succeeded
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, 
length: 2538
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 2538
gnutls: [2557|10] READ: Got 1339 bytes from 0xd
gnutls: [2557|10] READ: Got 1199 bytes from 0xd
gnutls: [2557|10] READ: read 2538 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 2538 bytes.
gnutls: [2557|10] RB: Requested 2543 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[1] Handshake(22) with length: 
2538
gnutls: [2557|4] HSK[0x222ebd0]: CERTIFICATE (11) was received. Length 
2534[2534], frag offset 0, frag length: 2534, sequence: 0
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, 
length: 333
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 333
gnutls: [2557|10] READ: Got 333 bytes from 0xd
gnutls: [2557|10] READ: read 333 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 333 bytes.
gnutls: [2557|10] RB: Requested 338 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[2] Handshake(22) with length: 
333
gnutls: [2557|4] HSK[0x222ebd0]: SERVER KEY EXCHANGE (12) was received. Length 
329[329], frag offset 0, frag length: 329, sequence: 0
gnutls: [2557|4] HSK[0x222ebd0]: Selected ECC curve SECP256R1 (2)
gnutls: [2557|4] HSK[0x222ebd0]: verify handshake data: using RSA-SHA256
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, 
length: 4
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 4
gnutls: [2557|10] READ: Got 4 bytes from 0xd
gnutls: [2557|10] READ: read 4 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 4 bytes.
gnutls: [2557|10] RB: Requested 9 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[3] Handshake(22) with length: 
4
gnutls: [2557|4] HSK[0x222ebd0]: SERVER HELLO DONE (14) was received. Length 
0[0], frag offset 0, frag length: 1, sequence: 0
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1145
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1374
gnutls: [2557|4] HSK[0x222ebd0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls: [2557|4] REC[0x222ebd0]: Sent ChangeCipherSpec
gnutls: [2557|9] INT: PREMASTER SECRET[32]: 
716e3dcaccba7603e0ebb582523b8843346f6a39b8cf48e2621dca454c10ab86
gnutls: [2557|9] INT: CLIENT RANDOM[32]: 
571555d2e90ca30c79a44bfb5819f6b8efd46b4b3624ea6b8fa061f5d0b112e2
gnutls: [2557|9] INT: SERVER RANDOM[32]: 
35b4aac815c824fb266db15ca58299fc404184fe9d0bcd7a0b2430648c548757
gnutls: [2557|9] INT: MASTER SECRET: 
1c79b7539323f17b5208443b95ad00d350ff0161b792bda105ca16617af059fb3bfe7aae6917cd99c4dc2a12c2e66fea
gnutls: [2557|5] REC[0x222ebd0]: Initializing epoch #1
gnutls: [2557|9] INT: KEY BLOCK[40]: 
53c329765d368833c6633081fe69fc63065ea7a51deab4bc5e06a43067e85a2e
gnutls: [2557|9] INT: CLIENT WRITE KEY [16]: 53c329765d368833c6633081fe69fc63
gnutls: [2557|9] INT: SERVER WRITE KEY [16]: 065ea7a51deab4bc5e06a43067e85a2e
gnutls: [2557|5] REC[0x222ebd0]: Epoch #1 ready
gnutls: [2557|4] HSK[0x222ebd0]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
gnutls: [2557|4] HSK[0x222ebd0]: Initializing internal [write] cipher sessions
gnutls: [2557|4] HSK[0x222ebd0]: recording tls-unique CB (send)
gnutls: [2557|4] HSK[0x222ebd0]: FINISHED was queued [16 bytes]
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 70 
and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[2] Handshake(22) in epoch 0 and 
length: 75
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet ChangeCipherSpec(20) with 
length: 1 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 
and length: 6
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 16 
and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[1] Handshake(22) in epoch 1 and 
length: 45
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154

[...]
--8<---------------cut here---------------end--------------->8---

In the bad case, the client gets stuck for a few seconds in ‘recvfrom’
and eventually bails out (“Got 0 bytes from 0xd”).

The same loop with https://www.gnu.org/index.html or
https://hydra.gnu.org/logo works well, it seems, so it might be a
misconfiguration on mirror.hydra.gnu.org.

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]