
Bug#980119: libgnutls30: "An unexpected TLS packet was received" when connecting to FTPS (FTP/TLS) servers


Boyd Stephen Smith Jr.

Jan 14, 2021, 1:00:03 PM
Package: libgnutls30
Version: 3.7.0-5
Severity: normal

Dear Maintainer,

Trying to upload some files to a game hosting provider that only allows FTPS
(not SFTP) access. Provider is akliz.net.

Each customer gets a private virtual (vsftp?) instance. I'm connecting to
bos-sr-2-36.akliz.net

In both FileZilla 3.51.0-1 and lftp 4.8.4-2+b1 I get an error _after_ a
successful login when trying to list the contents of the current directory.

In FileZilla, this shows as a number of red error messages ending with "GnuTLS
error -15 in gnutls_record_recv: An unexpected TLS packet was received." In
lftp, this shows as a single failure line: "Fatal error: gnutls_record_recv: An
unexpected TLS packet was received."

Due to the failure in multiple front ends, I believe this is a library issue.

Prior to upgrading to bullseye/sid, I was able to use FileZilla to connect to
the same private virtual server from the same provider. So, I believe this is
a regression from working behavior of GNUTLS in buster.

Please let me know the best way to collect any further documentation that might
be helpful, I can reproduce the issue at will.

-- System Information:
Debian Release: bullseye/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'stable-updates'), (900, 'stable-debug'), (900, 'testing'), (900, 'stable'), (850, 'proposed-updates-debug'), (850, 'proposed-updates'), (500, 'unstable-debug'), (500, 'unstable'), (300, 'experimental-debug'), (300, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-5-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgnutls30 depends on:
ii libc6 2.31-9
ii libgmp10 2:6.2.1+dfsg-1
ii libhogweed6 3.6-2
ii libidn2-0 2.3.0-4
ii libnettle8 3.6-2
ii libp11-kit0 0.23.22-1
ii libtasn1-6 4.16.0-2
ii libunistring2 0.9.10-4

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
ii gnutls-bin 3.7.0-5

-- no debconf information


caca...@tuxfamily.org

Jan 14, 2021, 2:10:03 PM
Package: libgnutls30
Version: 3.7.0-5

Same issue here, I rarely need FTP so it's a chance to see this bug
report here since I wasn't sure of the track..

My problem happens while trying to connect on a FTP server running
Cerberus FTP (Windows).
It doesn't seem to happen on the other FTP servers I have in my list.

Also tried with lftp and gftp, same error messages as OP.

-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30 depends on:
ii libc6 2.31-9
ii libgmp10 2:6.2.1+dfsg-1
ii libhogweed6 3.6-2
ii libidn2-0 2.3.0-4
ii libnettle8 3.6-2
ii libp11-kit0 0.23.22-1
ii libtasn1-6 4.16.0-2
ii libunistring2 0.9.10-4

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
pn gnutls-bin <none>

-- debconf-show failed

Andreas Metzler

Jan 15, 2021, 1:10:06 PM
On 2021-01-14 "Boyd Stephen Smith Jr." <b...@IguanaSuicide.net> wrote:
> Package: libgnutls30
> Version: 3.7.0-5
> Severity: normal

> Dear Maintainer,

> Trying to upload some files to a game hosting provider that only allows FTPS
> (not SFTP) access. Provider is akliz.net.

> Each customer gets a private virtual (vsftp?) instance. I'm connecting to
> bos-sr-2-36.akliz.net

> In both FileZilla 3.51.0-1 and lftp 4.8.4-2+b1 I get an error _after_ a
> successful login when trying to list the contents of the current directory.
[...]

Is this reproducible with gnutls-cli?

-----
gnutls-cli --starttls-proto=ftp bos-sr-2-36.akliz.net
...
USER _loginhere_
PASS _passwordhere_
PWD
-----

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

caca...@tuxfamily.org

Jan 15, 2021, 2:10:04 PM
No success on my side, it times out, or doesn't seem to send/process the
USER/PASS if I input them, maybe I was late this time.
The server has IP blacklisting so it doesn't help...

~~~
$ gnutls-cli --starttls-proto=ftp myftphost -V
Processed 126 CA certificate(s).
Resolving 'myftphost:ftp'...
Connecting to 'ip.ip.ip.ip:21'...
Negotiating FTP STARTTLS
starttls: sending: FEAT

starttls: waiting for: "211 "
starttls: received: 220 Some Welcome Message

starttls: received: 521 Not logged in - Secure authentication required

USER myuser
PASS error receiving '211 ': Timeout
~~~

With the same host but with Filezilla it was able to receive the
certificate before trying to Login.

With some other host (the one used by OP) I receive the certificate and
go into simple client mode, so it could have worked.

Andreas Metzler

Jan 16, 2021, 7:40:03 AM
On 2021-01-15 Andreas Metzler <amet...@bebt.de> wrote:
> On 2021-01-14 "Boyd Stephen Smith Jr." <b...@IguanaSuicide.net> wrote:
[...]
> > Dear Maintainer,

>> Trying to upload some files to a game hosting provider that only
>> allows FTPS (not SFTP) access. Provider is akliz.net.

>> Each customer gets a private virtual (vsftp?) instance. I'm connecting to
>> bos-sr-2-36.akliz.net

>> In both FileZilla 3.51.0-1 and lftp 4.8.4-2+b1 I get an error _after_ a
>> successful login when trying to list the contents of the current directory.
> [...]

> Is this reproducible with gnutls-cli?

Does
env GNUTLS_DEBUG_LEVEL=4711 lftp ....
produce more verbose output?

cu Andreas

Boyd Stephen Smith Jr.

Jan 16, 2021, 4:00:03 PM
On Saturday, January 16, 2021 2:23:43 PM CST Boyd Stephen Smith Jr. wrote:
> On Friday, January 15, 2021 12:02:35 PM CST Andreas Metzler wrote:
> > Is this reproducible with gnutls-cli?
>
> That works:
>
> But, I clearly don't know enough about raw FTP protocol to get a data
> transfer started:
>
> Note that connection in both FileZilla and lftp only fails once I try to
> list the contents of the current directory. They are port able to connect
> and login as well.

I tried again, but I'm betting gnutls-cli doesn't handle the weirdness that is
FTP well. I'm going to try to do a passive transfer, because I'm behind at
least one NAT, so I don't think active transfer is going to work:

It starts as before with the certificate, and me logging in:

---8<---
230 Login successful.
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
PASV
227 Entering Passive Mode (8,48,33,7,5,1).
LIST
---8<---

Here the connect appears to hang for too long, and I end up sending some more
commands before the LIST command ends

---8<---

HELP
PWD
425 Failed to establish connection.
214-The following commands are recognized.
ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR
RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
XPWD XRMD
214 Help OK.
257 "/"
PASV
227 Entering Passive Mode (8,48,33,7,4,225).
LIST
425 Failed to establish connection.
--->8---

For that last LIST, I simply waited calmly until I got the result.

(The password I sent in plaintext earlier is no longer valid, BTW.)

If you think PASV is the issue, I should be able to retry from a system that's
not NAT'd or otherwise configure the network for a PORT connection. But, I
don't know GNU TLS is going to handle that any better. Let me know if it is
worth an attempt.

If you've got some hints on how to use gnutls-cli for a PASV transfer, I'll
gladly take them.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
Twitter: @DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

Boyd Stephen Smith Jr.

Jan 16, 2021, 4:00:03 PM
On Saturday, January 16, 2021 6:35:13 AM CST Andreas Metzler wrote:
> Does
> env GNUTLS_DEBUG_LEVEL=4711 lftp ....
> produce more verbose output?

Yes. But, probably not verbose enough:
---8<---
% env GNUTLS_DEBUG_LEVEL=4711 lftp -u boyd.steph...@gmail.com.125388
bos-sr-2-36.akliz.net
gnutls[2]: Enabled GnuTLS 3.7.0 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
Password:
lftp boyd.steph...@gmail.com.125388@bos-sr-2-36.akliz.net:~> ls
ls: Fatal error: gnutls_record_recv: An unexpected TLS packet was received.
--->8---

Boyd Stephen Smith Jr.

Jan 16, 2021, 4:00:04 PM
On Friday, January 15, 2021 12:02:35 PM CST Andreas Metzler wrote:
> Is this reproducible with gnutls-cli?
>
> -----
> gnutls-cli --starttls-proto=ftp bos-sr-2-36.akliz.net
> ...
> USER _loginhere_
> PASS _passwordhere_
> PWD
> -----

That works:

---8<---
% gnutls-cli --starttls-proto=ftp bos-sr-2-36.akliz.net
Processed 126 CA certificate(s).
Resolving 'bos-sr-2-36.akliz.net:ftp'...
Connecting to '8.48.33.7:21'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=bos-sr-2-36.akliz.net', issuer `CN=R3,O=Let's Encrypt,C=US',
serial 0x03f0eed09043a9a3dbf803d708af1c69e2cb, RSA key 2048 bits, signed using
RSA-SHA256, activated `2020-12-03 23:00:42 UTC', expires `2021-03-03 23:00:42
UTC', pin-sha256="69VuNIHD0lVaLOn9/cadykjHGtIcENyTp7HOQC+ppts="
Public Key ID:
sha1:aaf17878dc41169ab8998a5244753fb5440fb852
sha256:ebd56e3481c3d2555a2ce9fdfdc69dca48c71ad21c10dc93a7b1ce402fa9a6db
Public Key PIN:
pin-sha256:69VuNIHD0lVaLOn9/cadykjHGtIcENyTp7HOQC+ppts=

- Certificate[1] info:
- subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital
Signature Trust Co.', serial 0x400175048314a4c8218c84a90c16cddf, RSA key 2048
bits, signed using RSA-SHA256, activated `2020-10-07 19:21:40 UTC', expires
`2021-09-29 19:21:40 UTC', pin-
sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.0-X.509)-(ECDHE-SECP256R1)-(AES-128-CBC)-(SHA1)
- Session ID: 78:CC:6C:F1:66:01:CA:0C:7A:4E:FC:FF:DA:04:59:30:44:7C:
81:B7:59:44:6D:44:71:56:72:62:EA:DA:0E:41
- Options: safe renegotiation,
- Handshake was completed

- Simple Client Mode:

USER boyd.steph...@gmail.com.125388
331 Please specify the password.
PASS R7Pr6Uq6RC4N7we!
230 Login successful.
PWD
257 "/"
--->8---

But, I clearly don't know enough about raw FTP protocol to get a data transfer
started:
---8<---
LIST
425 Use PORT or PASV first.
PASV
227 Entering Passive Mode (8,48,33,7,4,208).
LIST
522 Data connections must be encrypted.
HELP
214-The following commands are recognized.
ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR
RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
XPWD XRMD
214 Help OK.
HELP PORT
214-The following commands are recognized.
ABOR ACCT ALLO APPE CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MODE NLST NOOP OPTS PASS PASV PORT PWD QUIT REIN REST RETR RMD RNFR
RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
XPWD XRMD
214 Help OK.
CWD /custom-minecraft
250 Directory successfully changed.
NLST
522 Data connections must be encrypted.
PORT
500 Illegal PORT command.
--->8---

Note that connection in both FileZilla and lftp only fails once I try to list
the contents of the current directory. They are port able to connect and
login as well.


Boyd Stephen Smith Jr.

Jan 16, 2021, 4:20:03 PM
On Saturday, January 16, 2021 2:26:52 PM CST Boyd Stephen Smith Jr. wrote:
> On Saturday, January 16, 2021 6:35:13 AM CST Andreas Metzler wrote:
> > Does
> > env GNUTLS_DEBUG_LEVEL=4711 lftp ....
> > produce more verbose output?
>
> Yes. But, probably not verbose enough:

I don't know about GNU TLS, but I got lftp to tell me more about what it is
doing:
---8<---
% env GNUTLS_DEBUG_LEVEL=4711 lftp -e 'set cmd:trace yes' -e 'set log:enabled
true' -u boyd.steph...@gmail.com.125388 bos-sr-2-36.akliz.net
gnutls[2]: Enabled GnuTLS 3.7.0 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
Password:
lftp boyd.steph...@gmail.com.125388@bos-sr-2-36.akliz.net:~> ls
---- Connecting to bos-sr-2-36.akliz.net (8.48.33.7) port 21
<--- 220 (vsFTPd 2.2.2)
---> FEAT
<--- 211-Features:
<--- AUTH SSL
<--- AUTH TLS
<--- EPRT
<--- EPSV
<--- MDTM
<--- PASV
<--- PBSZ
<--- PROT
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
---> OPTS UTF8 ON
Certificate: CN=bos-sr-2-36.akliz.net
Issued by: C=US,O=Let's Encrypt,CN=R3
Checking against: C=US,O=Let's Encrypt,CN=R3
Trusted
Certificate: C=US,O=Let's Encrypt,CN=R3
Issued by: O=Digital Signature Trust Co.,CN=DST Root CA X3
Trusted
<--- 200 Always in UTF8 mode.
---> USER boyd.steph...@gmail.com.125388
<--- 331 Please specify the password.
---> PASS XXXX
<--- 230 Login successful.
---> PWD
<--- 257 "/"
---> PBSZ 0
<--- 200 PBSZ set to 0.
---> PROT P
<--- 200 PROT now Private.
---> PASV
<--- 227 Entering Passive Mode (8,48,33,7,4,186).
---- Connecting data socket to (8.48.33.7) port 1210
---- Data connection established
---> LIST
<--- 150 Here comes the directory listing.
**** gnutls_handshake: An unexpected TLS packet was received.
---- Closing data socket
**** gnutls_record_recv: An unexpected TLS packet was received.
---- Closing control socket
ls: Fatal error: gnutls_record_recv: An unexpected TLS packet was received.
lftp boyd.steph...@gmail.com.125388@bos-sr-2-36.akliz.net:/> bye
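The lftp trace in the message above localises the failure: the 227 reply encodes the data port as p1*256+p2 (4*256+186 = 1210), and the first `****` error comes from gnutls_handshake while the data socket is open, after PROT P. The following added example, which is not part of the original thread, performs that triage on a constructed trace modelled on the one above; the host 192.0.2.7, the user name and the function names `parse_pasv` and `triage` are assumptions.

```python
import re

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
CONNECT_RE = re.compile(r"^---- Connecting to \S+ \(([^)]+)\) port (\d+)")

# Constructed sample, modelled on the lftp "set log:enabled true" trace in the thread.
SAMPLE_TRACE = """\
---- Connecting to ftp.example.net (192.0.2.7) port 21
<--- 220 (vsFTPd 2.2.2)
---> AUTH TLS
<--- 234 Proceed with negotiation.
---> USER demo
<--- 331 Please specify the password.
---> PASS XXXX
<--- 230 Login successful.
---> PBSZ 0
<--- 200 PBSZ set to 0.
---> PROT P
<--- 200 PROT now Private.
---> PASV
<--- 227 Entering Passive Mode (192,0,2,7,4,186).
---- Connecting data socket to (192.0.2.7) port 1210
---- Data connection established
---> LIST
<--- 150 Here comes the directory listing.
**** gnutls_handshake: An unexpected TLS packet was received.
---- Closing data socket
**** gnutls_record_recv: An unexpected TLS packet was received.
---- Closing control socket
"""


def parse_pasv(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, port)."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no address tuple in: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def triage(trace):
    """Walk an lftp-style trace and report where the first TLS error occurred."""
    state = {
        "control_peer": None,         # IP the control connection went to
        "auth_tls": False,            # AUTH TLS accepted with 234
        "prot": None,                 # data channel protection level (P = private)
        "data_endpoint": None,        # (host, port) decoded from the 227 reply
        "pasv_matches_control": None, # PASV host equals control peer
        "failed_channel": None,       # "data" or "control"
        "failed_call": None,          # GnuTLS function named in the first error
        "reply_before_failure": None, # last server reply seen before the error
    }
    pending = ""        # last command sent on the control channel
    last_reply = None
    data_open = False   # True between "Data connection established" and its close
    for raw in trace.splitlines():
        line = raw.strip()
        m = CONNECT_RE.match(line)
        if m:
            state["control_peer"] = m.group(1)
        elif line.startswith("---> "):
            pending = line[5:]
        elif line.startswith("<--- "):
            last_reply = line[5:]
            if last_reply.startswith("234") and pending.startswith("AUTH"):
                state["auth_tls"] = True
            elif last_reply.startswith("200") and pending.startswith("PROT "):
                state["prot"] = pending.split()[1]
            elif last_reply.startswith("227"):
                state["data_endpoint"] = parse_pasv(last_reply)
                state["pasv_matches_control"] = (
                    state["data_endpoint"][0] == state["control_peer"])
        elif line == "---- Data connection established":
            data_open = True
        elif line == "---- Closing data socket":
            data_open = False
        elif line.startswith("**** ") and state["failed_channel"] is None:
            # Only the first error is the root event; later ones are fallout.
            state["failed_channel"] = "data" if data_open else "control"
            state["failed_call"] = line[5:].split(":", 1)[0]
            state["reply_before_failure"] = last_reply
    return state


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print("%-22s %s" % (key, value))
```
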

Andreas Metzler

Jan 17, 2021, 2:00:04 AM
On 2021-01-16 "Boyd Stephen Smith Jr." <b...@iguanasuicide.net> wrote:
> On Saturday, January 16, 2021 6:35:13 AM CST Andreas Metzler wrote:
> > Does
> > env GNUTLS_DEBUG_LEVEL=4711 lftp ....
> > produce more verbose output?

> Yes. But, probably not verbose enough:
> ---8<---
> % env GNUTLS_DEBUG_LEVEL=4711 lftp -u boyd.steph...@gmail.com.125388
> bos-sr-2-36.akliz.net
> gnutls[2]: Enabled GnuTLS 3.7.0 logging...
> gnutls[2]: getrandom random generator was detected
> gnutls[2]: Intel SSSE3 was detected
> gnutls[2]: Intel SHA was detected
> gnutls[2]: Intel AES accelerator was detected
> gnutls[2]: Intel GCM accelerator (AVX) was detected
> gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
> Password:
> lftp boyd.steph...@gmail.com.125388@bos-sr-2-36.akliz.net:~> ls
> ls: Fatal error: gnutls_record_recv: An unexpected TLS packet was received.
> --->8---

Hello,

ah, lftp overrides this with gnutls_global_set_log_level(). Does wget
also fail? If it does can you try something like
env GNUTLS_DEBUG_LEVEL=4711 wget --verbose --debug --ask-password --user=boyd.steph...@gmail.com.125388 ftps://bos-sr-2-36.akliz.net/somefile

Boyd Stephen Smith Jr.

Jan 20, 2021, 3:10:04 PM
Yes, Wget also failed, it actually SIGABRTed.

WARNING lots of data. I skipped to where the data transfer actually started.
Changing directories worked as far as I could tell.

---8<---
227 Entering Passive Mode (8,48,33,7,5,0).
trying to connect to 8.48.33.7 port 1280
Created socket 4.
done. ==> RETR whitelist.json ...
--> RETR whitelist.json

gnutls[5]: REC[0x55baf0c5d760]: Preparing Packet Application Data(23) with
length: 21 and min pad: 0
gnutls[9]: ENC[0x55baf0c5d760]: cipher: AES-128-CBC, MAC: SHA1, Epoch: 1
gnutls[11]: WRITE: enqueued 53 bytes for 0x3. Total 53 bytes.
gnutls[11]: WRITE FLUSH: 53 bytes in buffer.
gnutls[11]: WRITE: wrote 53 bytes, 0 bytes left.
gnutls[5]: REC[0x55baf0c5d760]: Sent Packet[12] Application Data(23) in epoch
1 and length: 53
gnutls[10]: READ: -1 returned from 0x3, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_int]:1776
gnutls[10]: READ: Got 5 bytes from 0x3
gnutls[10]: READ: read 5 bytes from 0x3
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0c5d760]: SSL 3.1 Application Data packet received.
Epoch 1, length: 96
gnutls[5]: REC[0x55baf0c5d760]: Expected Packet Application Data(23)
gnutls[5]: REC[0x55baf0c5d760]: Received Packet Application Data(23) with
length: 96
gnutls[10]: READ: Got 96 bytes from 0x3
gnutls[10]: READ: read 96 bytes from 0x3
gnutls[10]: RB: Have 5 bytes into buffer. Adding 96 bytes.
gnutls[10]: RB: Requested 101 bytes
gnutls[5]: REC[0x55baf0c5d760]: Decrypted Packet[11] Application Data(23) with
length: 71
gnutls[13]: BUF[REC]: Inserted 71 bytes of Data(23)
150 Opening BINARY mode data connection for whitelist.json (2 bytes).
done.
Length: 2 (unauthoritative)
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #0
gnutls[2]: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into
priority list
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #1
gnutls[4]: HSK[0x55baf0f22d60]: Adv. version: 3.1
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (OCSP Status Request/5)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension OCSP Status Request/5 (5
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Client Certificate Type/
19) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Certificate Type/
20) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Groups/10) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X448 (0x1e)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Groups/10 (22
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported EC Point
Formats/11) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported EC Point Formats/
11 (2 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRP/12) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Signature Algorithms/13)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRTP/14) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Heartbeat/15) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ALPN/16) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Encrypt-then-MAC/22) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Extended Master Secret/
23) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Session Ticket/35) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Session Ticket/35 (192
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Key Share/51) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for SECP256R1
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for X25519
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Versions/43)
for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Versions/43 (9
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Post Handshake Auth/49)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Post Handshake Auth/49 (0
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Safe Renegotiation/65281)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Safe Renegotiation/65281 (1
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Name Indication/0)
for 'client hello'
gnutls[2]: HSK[0x55baf0f22d60]: sent server name: 'bos-sr-2-36.akliz.net'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Server Name Indication/0 (26
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Cookie/44) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Early Data/42) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (PSK Key Exchange Modes/
45) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension PSK Key Exchange Modes/45 (3
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Record Size Limit/28) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Record Size Limit/28 (2
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Maximum Record Size/1)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ClientHello Padding/21)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Pre Shared Key/41) for
'client hello'
gnutls[4]: HSK[0x55baf0f22d60]: CLIENT HELLO was queued [548 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 548. Total 548 bytes.
gnutls[11]: HWRITE FLUSH: 548 bytes in buffer.
gnutls[5]: REC[0x55baf0f22d60]: Preparing Packet Handshake(22) with length:
548 and min pad: 0
gnutls[9]: ENC[0x55baf0f22d60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 553 bytes for 0x4. Total 553 bytes.
gnutls[5]: REC[0x55baf0f22d60]: Sent Packet[1] Handshake(22) in epoch 0 and
length: 553
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 553 bytes in buffer.
gnutls[11]: WRITE: wrote 553 bytes, 0 bytes left.
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: -1 returned from 0x4, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Handshake packet received. Epoch 0,
length: 81
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Handshake(22) with length: 81
gnutls[10]: READ: Got 81 bytes from 0x4
gnutls[10]: READ: read 81 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 81 bytes.
gnutls[10]: RB: Requested 86 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[0] Handshake(22) with length:
81
gnutls[13]: BUF[REC]: Inserted 81 bytes of Data(22)
gnutls[4]: HSK[0x55baf0f22d60]: SERVER HELLO (2) was received. Length 77[77],
frag offset 0, frag length: 77, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1176
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1428
gnutls[4]: HSK[0x55baf0f22d60]: Server's version: 3.1
gnutls[4]: HSK[0x55baf0f22d60]: SessionID length: 32
gnutls[4]: HSK[0x55baf0f22d60]: SessionID:
0e858e4d3c95cb52c76acd4aa2a15d110e6436905b6ce04f06ecf62f7caeb4c0
gnutls[4]: HSK[0x55baf0f22d60]: Selected cipher suite:
GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1
gnutls[4]: EXT[0x55baf0f22d60]: Parsing extension 'Safe Renegotiation/65281'
(1 bytes)
gnutls[4]: HSK[0x55baf0f22d60]: Safe renegotiation succeeded
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 ChangeCipherSpec packet received.
Epoch 0, length: 1
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet ChangeCipherSpec(20) with
length: 1
gnutls[10]: READ: Got 1 bytes from 0x4
gnutls[10]: READ: read 1 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 1 bytes.
gnutls[10]: RB: Requested 6 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[1] ChangeCipherSpec(20) with
length: 1
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:907
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1578
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
gnutls[3]: ASSERT: ../../lib/kx.c[_gnutls_recv_server_certificate]:749
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:3008
gnutls[13]: BUF[HSK]: Emptied buffer
GnuTLS: An unexpected TLS packet was received.
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0f22d60]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: End of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: Epoch #0 freed
gnutls[5]: REC[0x55baf0f22d60]: Epoch #1 freed
Server does not want to resume the SSL session. Trying with a new one.
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #0
gnutls[2]: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into
priority list
gnutls[5]: REC[0x55baf0f22d60]: Allocating epoch #1
gnutls[4]: HSK[0x55baf0f22d60]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (OCSP Status Request/5)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension OCSP Status Request/5 (5
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Client Certificate Type/
19) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Certificate Type/
20) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Groups/10) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group X448 (0x1e)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x55baf0f22d60]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Groups/10 (22
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported EC Point
Formats/11) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported EC Point Formats/
11 (2 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRP/12) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Signature Algorithms/13)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.8) EdDSA-Ed448
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x55baf0f22d60]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Signature Algorithms/13 (34
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (SRTP/14) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Heartbeat/15) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ALPN/16) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Encrypt-then-MAC/22) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Extended Master Secret/
23) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Session Ticket/35) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Key Share/51) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for SECP256R1
gnutls[4]: EXT[0x55baf0f22d60]: sending key share for X25519
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Supported Versions/43)
for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Supported Versions/43 (9
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Post Handshake Auth/49)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Post Handshake Auth/49 (0
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Safe Renegotiation/65281)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Safe Renegotiation/65281 (1
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Server Name Indication/0)
for 'client hello'
gnutls[2]: HSK[0x55baf0f22d60]: sent server name: 'bos-sr-2-36.akliz.net'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Server Name Indication/0 (26
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Cookie/44) for 'client
hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Early Data/42) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (PSK Key Exchange Modes/
45) for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension PSK Key Exchange Modes/45 (3
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Record Size Limit/28) for
'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension Record Size Limit/28 (2
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Maximum Record Size/1)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (ClientHello Padding/21)
for 'client hello'
gnutls[4]: EXT[0x55baf0f22d60]: Sending extension ClientHello Padding/21 (114
bytes)
gnutls[4]: EXT[0x55baf0f22d60]: Preparing extension (Pre Shared Key/41) for
'client hello'
gnutls[4]: HSK[0x55baf0f22d60]: CLIENT HELLO was queued [512 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 512. Total 512 bytes.
gnutls[11]: HWRITE FLUSH: 512 bytes in buffer.
gnutls[5]: REC[0x55baf0f22d60]: Preparing Packet Handshake(22) with length:
512 and min pad: 0
gnutls[9]: ENC[0x55baf0f22d60]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 517 bytes for 0x4. Total 517 bytes.
gnutls[5]: REC[0x55baf0f22d60]: Sent Packet[1] Handshake(22) in epoch 0 and
length: 517
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 517 bytes in buffer.
gnutls[11]: WRITE: wrote 517 bytes, 0 bytes left.
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Handshake packet received. Epoch 0,
length: 48
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Handshake(22) with length: 48
gnutls[10]: READ: Got 48 bytes from 0x4
gnutls[10]: READ: read 48 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 48 bytes.
gnutls[10]: RB: Requested 53 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[0] Handshake(22) with length:
48
gnutls[13]: BUF[REC]: Inserted 48 bytes of Data(22)
gnutls[4]: HSK[0x55baf0f22d60]: KEY_UPDATE (24) was received. Length
15468356[44], frag offset 0, frag length: 44, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_parse_record_buffered_msgs]:
1317
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 5 bytes from 0x4
gnutls[10]: READ: read 5 bytes from 0x4
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55baf0f22d60]: SSL 3.1 Alert packet received. Epoch 0,
length: 32
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Alert(21) with length: 32
gnutls[10]: READ: Got 32 bytes from 0x4
gnutls[10]: READ: read 32 bytes from 0x4
gnutls[10]: RB: Have 5 bytes into buffer. Adding 32 bytes.
gnutls[10]: RB: Requested 37 bytes
gnutls[5]: REC[0x55baf0f22d60]: Decrypted Packet[1] Alert(21) with length: 32
gnutls[5]: REC[0x55baf0f22d60]: Alert[109|103] - (null) - was received
gnutls[3]: ASSERT: ../../lib/record.c[record_add_to_buffers]:892
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1578
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
GnuTLS: A TLS warning alert has been received.
GnuTLS: received alert [103]: (unknown)
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: -1 returned from 0x4, errno=11 gerrno=0
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:589
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1185
gnutls[10]: READ: Got 0 bytes from 0x4
gnutls[10]: READ: read 0 bytes from 0x4
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:593
gnutls[3]: ASSERT: ../../lib/record.c[recv_headers]:1184
gnutls[3]: ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1310
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1467
gnutls[3]: ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1556
gnutls[3]: ASSERT: ../../lib/handshake.c[handshake_client]:2968
gnutls[13]: BUF[HSK]: Emptied buffer
GnuTLS: The TLS connection was non-properly terminated.
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0f22d60]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: End of epoch cleanup
gnutls[5]: REC[0x55baf0f22d60]: Epoch #0 freed
gnutls[5]: REC[0x55baf0f22d60]: Epoch #1 freed
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0c5d760]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: End of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: Epoch #1 freed
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55baf0c5d760]: Start of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: End of epoch cleanup
gnutls[5]: REC[0x55baf0c5d760]: Epoch #1 freed
Closed fd 4
Could not perform SSL handshake.
Retrying.

--2021-01-20 13:50:26-- ftps://bos-sr-2-36.akliz.net/custom-minecraft/
whitelist.json
(try: 2) => ‘whitelist.json’
==> CWD not required.
==> SIZE whitelist.json ...
--> SIZE whitelist.json

zsh: abort env GNUTLS_DEBUG_LEVEL=4711 wget --verbose --debug --ask-
password

Tim Kosse

Feb 12, 2021, 4:50:03 AM
Hello,

I managed to reproduce the issue, but only with the Debian package of
GnuTLS, not with a manually compiled version.

With this information I quickly found that the problem is the patch
48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch; it breaks TLS
session resumption if not using TLS 1.3.

FTP over TLS uses session resumption on the data connection as a
security measure against data connection stealing attacks.

It looks like upstream has already fixed the issue:
https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd

With this additional patch applied on top of the problematic one, the
error disappears.

Regards,
Tim Kosse
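
A triage pass over the kind of trace posted in this thread, as an added example that is not part of any message above or of GnuTLS itself: it re-joins the wrapped debug lines and flags where the record layer's view stops being consistent (a handshake header declaring more bytes than arrived, a record type other than the expected one, an alert with no known name). The sample is an excerpt from the log on this page; the rule names and the reading of `Length N[M]` as declared versus present bytes are assumptions of the example.

```python
import re

# Excerpt copied from the debug log in this thread, mail-client line wrapping included.
SAMPLE = """\
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Handshake(22) with length: 48
gnutls[4]: HSK[0x55baf0f22d60]: KEY_UPDATE (24) was received. Length
15468356[44], frag offset 0, frag length: 44, sequence: 0
gnutls[5]: REC[0x55baf0f22d60]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55baf0f22d60]: Received Packet Alert(21) with length: 32
gnutls[5]: REC[0x55baf0f22d60]: Alert[109|103] - (null) - was received
"""

# One pattern per log line shape; the first group is always the session pointer.
HSK = re.compile(r"HSK\[(\w+)\]: (.+?) \((\d+)\) was received\. Length (\d+)\[(\d+)\]")
EXPECTED = re.compile(r"REC\[(\w+)\]: Expected Packet \w+\((\d+)\)")
RECEIVED = re.compile(r"REC\[(\w+)\]: Received Packet (\w+)\((\d+)\)")
ALERT = re.compile(r"REC\[(\w+)\]: Alert\[(\d+)\|(\d+)\] - \(null\)")

def unwrap(text):
    """Re-join wrapped lines: a new record starts with 'gnutls[' or 'GnuTLS:'."""
    records = []
    for line in text.splitlines():
        if line.startswith(("gnutls[", "GnuTLS:")):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (rule, session, detail) for each inconsistency in the trace."""
    findings, expected = [], {}
    for rec in unwrap(text):
        if m := EXPECTED.search(rec):
            expected[m[1]] = int(m[2])  # content type the session is waiting for
        elif m := RECEIVED.search(rec):
            if m[1] in expected and expected[m[1]] != int(m[3]):
                findings.append(("unexpected-record", m[1], f"{m[2]}({m[3]})"))
        elif m := HSK.search(rec):
            declared, present = int(m[4]), int(m[5])  # assumed meaning of "Length N[M]"
            if declared > present:
                findings.append(("length-mismatch", m[1], f"{m[2]} declares {declared}, {present} present"))
        elif m := ALERT.search(rec):  # alert description GnuTLS has no name for
            findings.append(("unknown-alert", m[1], f"level {m[2]}, description {m[3]}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

A handshake message can legitimately span several records, so `length-mismatch` on its own is a prompt to look closer, not a verdict; in this trace it appears together with the other two findings on the same session.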