https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c1 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |meissner@suse.com InfoProvider| |pmlists@free.fr --- Comment #1 from Marcus Meissner <meissner@suse.com> 2014-03-26 20:06:01 UTC --- did you install all online updates for 13.1 before trying? i tried the above code and it seems to work. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c3 --- Comment #3 from Marcus Meissner <meissner@suse.com> 2014-03-26 21:39:46 UTC --- $ emacs --batch -Q --eval '(url-retrieve-synchronously "https://btc-e.com/api/2/btc_eur/ticker")' Contacting host: btc-e.com:443 gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange has been lowered to 256 bits and this may allow decryption of the session data $ its not getting things back. Does this also happen with plain $ gnutls-cli btc-e.com .. for me long good output, but no abort ... gnutls-3.2.4-2.14.1.x86_64 libgnutls28-3.0.28-1.4.1.x86_64 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c5 --- Comment #5 from Peter Münster <pmlists@free.fr> 2014-03-26 22:07:43 UTC --- (In reply to comment #3)

its not getting things back.

When there is the gnutls-error, emacs returns with exit-code other than 0. And the output is: Contacting host: btc-e.com:443 gnutls.c: [0] (Emacs) fatal error: An unexpected TLS handshake packet was received. gnutls.el: (err=[-19] An unexpected TLS handshake packet was received.) boot: (:priority NORMAL :hostname btc-e.com :loglevel 0 :min-prime-bits 256 :trustfiles (/etc/ssl/ca-bundle.pem) :crlfiles nil :keylist nil :verify-flags nil :verify-error nil :callbacks nil) GnuTLS error: #<process btc-e.com>, -19

Does this also happen with plain

$ gnutls-cli btc-e.com ... for me long good output, but no abort ...

Output of gnutls-cli seems good.

gnutls-3.2.4-2.14.1.x86_64 libgnutls28-3.0.28-1.4.1.x86_64

You have libgnutls28-3.0.28-1.4.1.x86_64 installed??? This is not a 13.1-package. And then it's normal, that you don't have any problem (see above my workaround). Please try with libgnutls28-3.2.4-2.14.1.x86_64.rpm Peter -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c7 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |pmlists@free.fr --- Comment #7 from Marcus Meissner <meissner@suse.com> 2014-06-14 12:58:12 UTC --- needinfo is on reporter. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c9 --- Comment #9 from Marcus Meissner <meissner@suse.com> 2014-06-16 12:16:03 UTC --- 3.0.28-1.4.1 is current openSUSE 12.3 gnutls (with updates) 3.2.4-2.24.1 is current openSUSE 13.1 gnutls (with updates) I tested it on both with your testcase, it prints: $ emacs --batch -Q --eval '(url-retrieve-synchronously "https://btc-e.com/api/2/btc_eur/ticker")' Contacting host: btc-e.com:443 gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange has been lowered to 256 bits and this may allow decryption of the session data $ So I am not seeing the unexpected handshake problem. Is there a transparent proxy perhaps? Can you try: $ gnutls-cli btc-e.com and if it reproduces the alert problem can you try: $ gnutls-cli -d 255 btc-e.com and attach the debug outpzut? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c11 Peter Münster <pmlists@free.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|pmlists@free.fr | --- Comment #11 from Peter Münster <pmlists@free.fr> 2014-06-16 14:00:14 UTC --- (In reply to comment #9)

Can you try:

$ gnutls-cli btc-e.com

Hi, There is no problem: Processed 153 CA certificate(s). Resolving 'btc-e.com'... Connecting to '141.101.121.194:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `OU=Domain Control Validated,CN=*.btc-e.com', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-03-19 13:36:01 UTC', expires `2016-03-19 13:36:01 UTC', SHA-1 fingerprint `823c6c432ce1db127f43cf2891620570bfd2985e' Public Key Id: e66d3115b21aa22025b78955f82efb29533e515e Public key's random art: +--[ RSA 2048]----+ |. +o. . . | | *.o o . | |o +. . . . . | | . .....Eo . | | ..o .S o | | . + .o . o | | = . . o | | + o. . | | +o. | +-----------------+ - Certificate[1] info: - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - G2', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,CN=Go Daddy Root Certificate Authority - G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2011-05-03 07:00:00 UTC', expires `2031-05-03 07:00:00 UTC', SHA-1 fingerprint `27ac9369faf25207bb2627cefaccbe4ef9c319b8' - Status: The certificate is trusted. - Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)-(AEAD) - Session ID: 56:2A:58:51:F6:F0:6B:4B:7D:F9:D5:7F:23:C9:94:8E:8F:BA:2E:D3:7E:EA:58:F4:54:86:D6:E1:EB:9E:A8:1C - Ephemeral EC Diffie-Hellman parameters - Using curve: SECP256R1 - Curve size: 256 bits - Version: TLS1.2 - Key Exchange: ECDHE-RSA - Server Signature: RSA-SHA512 - Cipher: AES-128-GCM - MAC: AEAD - Compression: NULL - Handshake was completed - Simple Client Mode: - Peer has closed the GnuTLS connection It's perhaps a bit emacs-related...? Peter -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c13 --- Comment #13 from Peter Münster <pmlists@free.fr> 2014-06-17 15:04:36 UTC --- (In reply to comment #12)

I also saw it now via emacs. It happens however seldom, similar to your experience.

On my system it works seldom, I get the error almost always (about 99%). Peter -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=870456 https://bugzilla.novell.com/show_bug.cgi?id=870456#c15 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|lnussel@suse.com |meissner@suse.com --- Comment #15 from Ludwig Nussel <lnussel@suse.com> 2014-07-07 14:24:35 CEST --- I don't know why this is assigned to me -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.