[Bug 734343] New: GnuTLS fails when authenticating against a SSL server.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c0 Summary: GnuTLS fails when authenticating against a SSL server. Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: martinpirata@hotmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0 Cannot make a successful connection between an openSUSE 12.1 and a FTP server using FTPS, with filezilla and gftp. As a side note, cannot sign in to msn chat, although it doesn't matter to me, but may be of help. This is the logfile on filezilla. Status: Connection established, initializing TLS... Trace: CTlsSocket::Handshake() Trace: CTlsSocket::ContinueHandshake() Trace: CTlsSocket::OnSend() Trace: CTlsSocket::OnRead() Trace: CTlsSocket::ContinueHandshake() Trace: CTlsSocket::Failure(-12, 103) Trace: GnuTLS alert 40: Handshake failed Error: GnuTLS error -12: A TLS fatal alert has been received. Trace: CRealControlSocket::OnClose(103) Trace: CControlSocket::DoClose(64) Trace: CFtpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Error: Could not connect to server Trace: CFileZillaEnginePrivate::ResetOperation(66) Reproducible: Always Steps to Reproduce: 1. Fresh install of 12.1 2. Open empathy and/or filezilla for example. 3. Try to sign in to hotmail, or open a ftp connection to an ssl server. Actual Results: They won't connect Expected Results: All connecting without issues -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c zj jia <zjjia@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zjjia@suse.com AssignedTo|bnc-team-screening@forge.pr |gjhe@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c1 --- Comment #1 from Guanjun He <gjhe@suse.com> 2011-12-12 07:40:22 UTC --- please help to give out more information. like: 1. libgnutls's debug output; 3. or capture some packets with wireshark; I run empathy and try to login in to hotmail,and capture the packets with wireshark, and didn't get any gnutls or ssl layer's package. I run pidgin, everything is ok. thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c2 --- Comment #2 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-12 20:14:20 UTC --- Hope this helps, please ask for any additional info you may need: gnutls-cli-debug -V -d 5 -p 443 login.live.com Resolving 'login.live.com'... Connecting to '65.54.165.137:443'... |<4>| REC[0x624510]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:712 |<4>| REC[0x624510]: Allocating epoch #1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5 |<3>| HSK[0x624510]: CLIENT HELLO was queued [57 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 57 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 62 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.0 Handshake packet received. Length: 4456 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 4456 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 4456 |<3>| HSK[0x624510]: SERVER HELLO was received. Length 77[4452], frag offset 0, frag length: 77, sequence: 0 |<3>| HSK[0x624510]: Server's version: 3.0 |<3>| HSK[0x624510]: SessionID length: 32 |<3>| HSK[0x624510]: SessionID: d1150000e0debd016510bf56fcf6d4b42b7e6fdacb9a7567a4ce92301a28e21b |<3>| HSK[0x624510]: Selected cipher suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Selected compression method: NULL (0) |<3>| EXT[0x624510]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x624510]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: CERTIFICATE was received. Length 4367[4371], frag offset 0, frag length: 4367, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: SERVER HELLO DONE was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1037 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:1146 |<3>| HSK[0x624510]: CLIENT KEY EXCHANGE was queued [260 bytes] |<3>| REC[0x624510]: Sent ChangeCipherSpec |<4>| REC[0x624510]: Initializing epoch #1 |<4>| REC[0x624510]: Epoch #1 ready |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Initializing internal [write] cipher sessions |<3>| HSK[0x624510]: recording tls-unique CB (send) |<3>| HSK[0x624510]: FINISHED was queued [40 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 260 |<4>| REC[0x624510]: Sent Packet[2] Handshake(22) with length: 265 |<4>| REC[0x624510]: Preparing Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Sent Packet[3] Change Cipher Spec(20) with length: 6 |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 40 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 65 |<2>| ASSERT: session_ticket.c:682 |<4>| REC[0x624510]: SSL 3.0 Change Cipher Spec packet received. Length: 1 |<4>| REC[0x624510]: Expected Packet Change Cipher Spec(20) |<4>| REC[0x624510]: Received Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Decrypted Packet[1] Change Cipher Spec(20) with length: 1 |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.0 Handshake packet received. Length: 60 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 60 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 40 |<3>| HSK[0x624510]: FINISHED was received. Length 36[36], frag offset 0, frag length: 36, sequence: 0 |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: Epoch #0 freed |<4>| REC[0x624510]: End of epoch cleanup Checking for SSL 3.0 support... yes |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: End of epoch cleanup |<4>| REC[0x624510]: Epoch #1 freed |<4>| REC[0x624510]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:712 |<4>| REC[0x624510]: Allocating epoch #1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_AES_128_CBC_SHA1 |<3>| EXT[0x624510]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| HSK[0x624510]: CLIENT HELLO was queued [62 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 62 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 67 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 4456 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 4456 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 4456 |<3>| HSK[0x624510]: SERVER HELLO was received. Length 77[4452], frag offset 0, frag length: 77, sequence: 0 |<3>| HSK[0x624510]: Server's version: 3.1 |<3>| HSK[0x624510]: SessionID length: 32 |<3>| HSK[0x624510]: SessionID: 87420000527cf2a2cf4bca17c0efee773949808ec54bb7c4886f105b8cb6b0b1 |<3>| HSK[0x624510]: Selected cipher suite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x624510]: Selected compression method: NULL (0) |<3>| EXT[0x624510]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x624510]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: CERTIFICATE was received. Length 4367[4371], frag offset 0, frag length: 4367, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: SERVER HELLO DONE was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1037 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:1146 |<3>| HSK[0x624510]: CLIENT KEY EXCHANGE was queued [262 bytes] |<3>| REC[0x624510]: Sent ChangeCipherSpec |<4>| REC[0x624510]: Initializing epoch #1 |<4>| REC[0x624510]: Epoch #1 ready |<3>| HSK[0x624510]: Cipher Suite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x624510]: Initializing internal [write] cipher sessions |<3>| HSK[0x624510]: recording tls-unique CB (send) |<3>| HSK[0x624510]: FINISHED was queued [16 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 262 |<4>| REC[0x624510]: Sent Packet[2] Handshake(22) with length: 267 |<4>| REC[0x624510]: Preparing Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Sent Packet[3] Change Cipher Spec(20) with length: 6 |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 16 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 261 |<2>| ASSERT: session_ticket.c:682 |<4>| REC[0x624510]: SSL 3.1 Change Cipher Spec packet received. Length: 1 |<4>| REC[0x624510]: Expected Packet Change Cipher Spec(20) |<4>| REC[0x624510]: Received Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Decrypted Packet[1] Change Cipher Spec(20) with length: 1 |<3>| HSK[0x624510]: Cipher Suite: RSA_AES_128_CBC_SHA1 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 48 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 48 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 16 |<3>| HSK[0x624510]: FINISHED was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: Epoch #0 freed |<4>| REC[0x624510]: End of epoch cleanup Checking whether %COMPAT is required... no |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: End of epoch cleanup |<4>| REC[0x624510]: Epoch #1 freed |<4>| REC[0x624510]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:712 |<4>| REC[0x624510]: Allocating epoch #1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5 |<3>| EXT[0x624510]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| HSK[0x624510]: CLIENT HELLO was queued [64 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 64 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 69 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 4456 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 4456 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 4456 |<3>| HSK[0x624510]: SERVER HELLO was received. Length 77[4452], frag offset 0, frag length: 77, sequence: 0 |<3>| HSK[0x624510]: Server's version: 3.1 |<3>| HSK[0x624510]: SessionID length: 32 |<3>| HSK[0x624510]: SessionID: ac2e0000ed5ed96bb4d041bf4a5c29f5b784b4fc4fb039f2730d31970dfabbc2 |<3>| HSK[0x624510]: Selected cipher suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Selected compression method: NULL (0) |<3>| EXT[0x624510]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x624510]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: CERTIFICATE was received. Length 4367[4371], frag offset 0, frag length: 4367, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: SERVER HELLO DONE was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1037 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:1146 |<3>| HSK[0x624510]: CLIENT KEY EXCHANGE was queued [262 bytes] |<3>| REC[0x624510]: Sent ChangeCipherSpec |<4>| REC[0x624510]: Initializing epoch #1 |<4>| REC[0x624510]: Epoch #1 ready |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Initializing internal [write] cipher sessions |<3>| HSK[0x624510]: recording tls-unique CB (send) |<3>| HSK[0x624510]: FINISHED was queued [16 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 262 |<4>| REC[0x624510]: Sent Packet[2] Handshake(22) with length: 267 |<4>| REC[0x624510]: Preparing Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Sent Packet[3] Change Cipher Spec(20) with length: 6 |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 16 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 41 |<2>| ASSERT: session_ticket.c:682 |<4>| REC[0x624510]: SSL 3.1 Change Cipher Spec packet received. Length: 1 |<4>| REC[0x624510]: Expected Packet Change Cipher Spec(20) |<4>| REC[0x624510]: Received Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Decrypted Packet[1] Change Cipher Spec(20) with length: 1 |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 36 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 36 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 16 |<3>| HSK[0x624510]: FINISHED was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: Epoch #0 freed |<4>| REC[0x624510]: End of epoch cleanup Checking for TLS 1.0 support... yes |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: End of epoch cleanup |<4>| REC[0x624510]: Epoch #1 freed |<4>| REC[0x624510]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:712 |<4>| REC[0x624510]: Allocating epoch #1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_ARCFOUR_MD5 |<3>| EXT[0x624510]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| HSK[0x624510]: CLIENT HELLO was queued [62 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 62 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 67 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 4456 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 4456 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 4456 |<3>| HSK[0x624510]: SERVER HELLO was received. Length 77[4452], frag offset 0, frag length: 77, sequence: 0 |<3>| HSK[0x624510]: Server's version: 3.1 |<2>| ASSERT: gnutls_handshake.c:1517 |<2>| ASSERT: gnutls_handshake.c:2013 |<2>| ASSERT: gnutls_handshake.c:1250 |<2>| ASSERT: gnutls_handshake.c:2432 Checking for TLS 1.1 support... no |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: End of epoch cleanup |<4>| REC[0x624510]: Epoch #0 freed |<4>| REC[0x624510]: Epoch #1 freed |<4>| REC[0x624510]: Allocating epoch #0 |<2>| ASSERT: gnutls_constate.c:712 |<4>| REC[0x624510]: Allocating epoch #1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_3DES_EDE_CBC_SHA1 |<3>| HSK[0x624510]: Removing ciphersuite: DH_ANON_ARCFOUR_MD5 |<3>| EXT[0x624510]: Sending extension SAFE RENEGOTIATION (1 bytes) |<3>| HSK[0x624510]: CLIENT HELLO was queued [62 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 62 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 67 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 4456 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 4456 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 4456 |<3>| HSK[0x624510]: SERVER HELLO was received. Length 77[4452], frag offset 0, frag length: 77, sequence: 0 |<3>| HSK[0x624510]: Server's version: 3.1 |<3>| HSK[0x624510]: SessionID length: 32 |<3>| HSK[0x624510]: SessionID: 102600006e13dccfd4a5f3776cf9d1e57f770d89a08d83ca0f2d6194b1290cee |<3>| HSK[0x624510]: Selected cipher suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Selected compression method: NULL (0) |<3>| EXT[0x624510]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<3>| HSK[0x624510]: Safe renegotiation succeeded |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: CERTIFICATE was received. Length 4367[4371], frag offset 0, frag length: 4367, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:955 |<3>| HSK[0x624510]: SERVER HELLO DONE was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 |<2>| ASSERT: gnutls_buffers.c:1037 |<2>| ASSERT: gnutls_buffers.c:1161 |<2>| ASSERT: gnutls_buffers.c:1146 |<3>| HSK[0x624510]: CLIENT KEY EXCHANGE was queued [262 bytes] |<3>| REC[0x624510]: Sent ChangeCipherSpec |<4>| REC[0x624510]: Initializing epoch #1 |<4>| REC[0x624510]: Epoch #1 ready |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x624510]: Initializing internal [write] cipher sessions |<3>| HSK[0x624510]: recording tls-unique CB (send) |<3>| HSK[0x624510]: FINISHED was queued [16 bytes] |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 262 |<4>| REC[0x624510]: Sent Packet[2] Handshake(22) with length: 267 |<4>| REC[0x624510]: Preparing Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Sent Packet[3] Change Cipher Spec(20) with length: 6 |<4>| REC[0x624510]: Preparing Packet Handshake(22) with length: 16 |<4>| REC[0x624510]: Sent Packet[1] Handshake(22) with length: 41 |<2>| ASSERT: session_ticket.c:682 |<4>| REC[0x624510]: SSL 3.1 Change Cipher Spec packet received. Length: 1 |<4>| REC[0x624510]: Expected Packet Change Cipher Spec(20) |<4>| REC[0x624510]: Received Packet Change Cipher Spec(20) with length: 1 |<4>| REC[0x624510]: Decrypted Packet[1] Change Cipher Spec(20) with length: 1 |<3>| HSK[0x624510]: Cipher Suite: RSA_ARCFOUR_SHA1 |<2>| ASSERT: gnutls_buffers.c:955 |<4>| REC[0x624510]: SSL 3.1 Handshake packet received. Length: 36 |<4>| REC[0x624510]: Expected Packet Handshake(22) |<4>| REC[0x624510]: Received Packet Handshake(22) with length: 36 |<4>| REC[0x624510]: Decrypted Packet[0] Handshake(22) with length: 16 |<3>| HSK[0x624510]: FINISHED was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: Epoch #0 freed |<4>| REC[0x624510]: End of epoch cleanup Checking fallback from TLS 1.1 to... TLS 1.0 |<4>| REC[0x624510]: Start of epoch cleanup |<4>| REC[0x624510]: End of epoch cleanup |<4>| REC[0x624510]: Epoch #1 freed -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c3 --- Comment #3 from Guanjun He <gjhe@suse.com> 2011-12-14 06:29:52 UTC --- Seems like it works ok. and gnutls-cli -V -d 5 -p 443 login.live.com also works ok. maybe that is filezilla's bug. If you have any concern, please comment. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c4 Marek Ruszkowski <aaatoja@o2.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aaatoja@o2.pl --- Comment #4 from Marek Ruszkowski <aaatoja@o2.pl> 2011-12-14 17:22:44 UTC --- I can confirm that. I have updated opensuse 11.4->12.1 on server and desktop. After that I get GnuTLS error -12: A TLS fatal alert has been received. Pure-ftpd server with ftpes connection. I have tested this on Fedora with filezilla-3.5.1-1.fc16.x86_64 and connection was initiated properly. Differences:: opensuse: Response 220-Welcome to Pure-FTPd. .. Command: AUTH TLS Response 234 AUTH TLS OK. Status: Initializing TLS... Error: GnuTLS error -12: A TLS fatal alert has been received. Error: Could not connect to server fedora core 16: .. Status: Initializing TLS... Status: Veryfing certificate... #######here filezilla displays certificate window ..connected pure-ftpd log for opensuse connection: [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c5 --- Comment #5 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-14 18:15:12 UTC --- I have tried to establish an ftps connection to the same server that I used to connect on 11.4, using filezilla and gftp. Same result on both. Also tried to login to msn from empathty, emesene and pidgin without success. All this was right after doing a zypper dup on a fresh install of 12.1. I'll try to gather useful information from my computers running 12.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c6 --- Comment #6 from Guanjun He <gjhe@suse.com> 2011-12-19 05:45:49 UTC --- Could you help to capture some packets with wireshark? thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c7 --- Comment #7 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-20 04:47:06 UTC --- Please apologize me, I'm sick and fever doesn't get lower... Please wait 48 hs. for the data capture, promise. Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c8 --- Comment #8 from Guanjun He <gjhe@suse.com> 2011-12-21 05:39:38 UTC --- (In reply to comment #7)
Please apologize me, I'm sick and fever doesn't get lower... Please wait 48 hs. for the data capture, promise. Thanks
Take care yourself and have a good rest. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c Guanjun He <gjhe@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c9 --- Comment #9 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-22 16:03:51 UTC --- Created an attachment (id=468712) --> (http://bugzilla.novell.com/attachment.cgi?id=468712) Wireshark capture of a failed tls handshake This is a typical failed handshake on my installations. Please note that I changed the IP address of the public FTP server I'm trying to connect to. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c10 --- Comment #10 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-22 16:07:34 UTC --- (In reply to comment #8) I've attached a text file with detailed data of captured packets. Hope this helps. Thank you friend, I'm doing fine now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c11 --- Comment #11 from Guanjun He <gjhe@suse.com> 2011-12-26 07:49:39 UTC --- I didn't get any tls layer packet. Maybe you can try these steps: After open wireshark, input the port to capture, only capture the port you used, for example: port 443, then,let it goon, if you can decide that tls has got failed, stop the capturing, then use the wireshark's menu to save the captured data, no need to transform it to plain txt format, just keep the original data format. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c12 --- Comment #12 from Martin Amadeo <martinpirata@hotmail.com> 2011-12-30 16:55:20 UTC --- I captured data with wireshark but cannot get any new. Perhaps a bug exists in other component and I'm missing it. Is there a way to know what are talking libgnutls with, for example, gftp or filezilla? The handshake failure occurs between fourth and fifth packets, those with the PSH TCP flag set. I'm stuck. I can't believe that after fresh installing 12.1 I've never been able to connect using FTPS again. Hope that I can provide some help. Regards and Happy 2012 for everyone :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c13 --- Comment #13 from Franklin Titus <franklintitus@gmail.com> 2012-01-19 21:50:23 UTC --- I am having similar issue with Filezilla spitting the following: Error: GnuTLS error -12: A TLS fatal alert has been received. Error: Could not connect to server -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c14 Sebastian Siebert <freespacer@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freespacer@gmx.de --- Comment #14 from Sebastian Siebert <freespacer@gmx.de> 2012-01-19 22:05:50 UTC --- Hi, I can confirm this issues with Filezilla 3.5.1 and 3.5.2. Status: Connection established, initializing TLS... Error: GnuTLS error -12: A TLS fatal alert has been received. Error: Could not connect to server Filezilla from this repo: http://download.opensuse.org/repositories/network/ # rpm -q filezilla filezilla-3.5.2-20.2.x86_64 gnutls: Standard packages from openSUSE 12.1: # rpm -qa | grep gnutls | sort gnutls-3.0.3-5.1.2.x86_64 libgnutls28-3.0.3-5.1.2.x86_64 libgnutls28-32bit-3.0.3-5.1.2.x86_64 libgnutls-devel-3.0.3-5.1.2.x86_64 libgnutls-extra28-3.0.3-5.1.2.x86_64 libgnutls-extra-devel-3.0.3-5.1.2.x86_64 libgnutls-openssl27-3.0.3-5.1.2.x86_64 libgnutlsxx28-3.0.3-5.1.2.x86_64 We need a fix for gnutls asap. I can test any fixed libgnutls package if necessary. Greetings, Sebastian -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c15 Sebastian Siebert <freespacer@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cstender@suse.com --- Comment #15 from Sebastian Siebert <freespacer@gmx.de> 2012-01-20 20:25:03 UTC --- Hi, the new Filezilla 3.5.3 from the repo http://download.opensuse.org/repositories/network/ works again with FTPS / SSL/TLS. We should update Filezilla 3.5.1 from the standard repo of openSUSE 12.1 to Filezilla 3.5.3. Can we move the new Filezilla to the update repo? I add the maintainer of Filezilla to CC. Thanks. Greetings, Sebastian -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c17 Mariusz Laczak <mruz@poczta.onet.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mruz@poczta.onet.pl --- Comment #17 from Mariusz Laczak <mruz@poczta.onet.pl> 2012-01-24 11:45:07 UTC --- Hi, I'm using openSUSE 12.1 x64 After update Filezilla to 3.5.3 from "network" repo, I still have this problem. I also installed other packages with tls. Regards, Mariusz -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c18 --- Comment #18 from Martin Amadeo <martinpirata@hotmail.com> 2012-01-24 14:09:34 UTC --- I have the following packages installed (filezilla now works but gftp once the server is reached, waits infinitely and never gets connected properly): libgnutls-devel-3.0.3-5.1.2.x86_64 libgnutls-extra28-3.0.3-5.1.2.x86_64 gnutls-3.0.3-5.1.2.x86_64 libgnutls28-3.0.3-5.1.2.x86_64 gftp-common-2.0.19-15.1.2.x86_64 gftp-2.0.19-15.1.2.x86_64 filezilla-3.5.3-21.1.x86_64 I don't remember what versions were installed on 11.4 but as Guan Jun He suggested, maybe this has nothing to do with gnutls. Sorry if posted a wrong named bug. Sincerely, PS: I've found here http://lists.opensuse.org/opensuse-commit/2011-12/msg00734.html that sbrabec@xxxx is the mantainer for gftp. Perhaps we could get to know what he thinks about this issue? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c19 --- Comment #19 from Guanjun He <gjhe@suse.com> 2012-01-31 04:43:37 UTC --- Anyone please capture some packets with wireshark? thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c20 --- Comment #20 from Guanjun He <gjhe@suse.com> 2012-02-23 09:17:52 UTC --- Seems like it's Filezilla's bug, so, please update to new version FileZilla. And please fill a new bug to patch FileZilla. thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=734343 https://bugzilla.novell.com/show_bug.cgi?id=734343#c21 Guanjun He <gjhe@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |INVALID --- Comment #21 from Guanjun He <gjhe@suse.com> 2012-03-21 01:34:26 UTC --- close as invalid. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com