Your message dated Fri, 02 Jan 2015 12:40:16 +0000
with message-id <[email protected]>
and subject line Bug#767610: Removed package(s) from unstable
has caused the Debian Bug report #708174,
regarding gnutls26: with priority SECURE128 fails to negotiate a cipher suite
with itself
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
708174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708174
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gnutls26
Version: 2.12.20-6
Severity: normal
Running
gnutls-serv -d 255 -p 1234 --x509certfile /etc/ssl/certs/rilynn.pem
--x509keyfile /etc/ssl/private/rilynn.key
and
gnutls-cli -d 255 -p 1234 --priority SECURE128 rilynn.me.uk
on the same box fails to negotiate a cipher suite. A priority string of
NORMAL appears to work.
The server reports:
Set static Diffie-Hellman parameters, consider --dhparams.
Echo Server listening on IPv4 0.0.0.0 port 1234...done
Echo Server listening on IPv6 :: port 1234...bind() failed: Address already in
use
|<4>| REC[0x9224138]: Allocating epoch #0
* Accepted connection from IPv4 192.168.0.1 port 50714 on Mon May 13 18:07:09
2013
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x9224138]: Allocating epoch #1
|<7>| READ: Got 5 bytes from 0x5
|<7>| READ: read 5 bytes from 0x5
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x9224138]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x9224138]: Received Packet[0] Handshake(22) with length: 113
|<7>| READ: Got 113 bytes from 0x5
|<7>| READ: read 113 bytes from 0x5
|<7>| RB: Have 5 bytes into buffer. Adding 113 bytes.
|<7>| RB: Requested 118 bytes
|<4>| REC[0x9224138]: Decrypted Packet[0] Handshake(22) with length: 113
|<6>| BUF[HSK]: Inserted 113 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x9224138]: CLIENT HELLO was received [113 bytes]
|<6>| BUF[REC][HD]: Read 109 bytes of Data(22)
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 109 bytes of Data
|<3>| HSK[0x9224138]: Client's version: 3.3
|<2>| ASSERT: gnutls_db.c:326
|<2>| ASSERT: gnutls_db.c:246
|<2>| EXT[0x9224138]: Parsing extension 'SERVER NAME/0' (17 bytes)
|<2>| EXT[0x9224138]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<2>| EXT[0x9224138]: Parsing extension 'SESSION TICKET/35' (0 bytes)
|<2>| EXT[0x9224138]: Parsing extension 'SIGNATURE ALGORITHMS/13' (6 bytes)
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (2.2) DSA-SHA1
|<2>| ASSERT: gnutls_handshake.c:3348
|<1>| Could not find an appropriate certificate: Insufficient credentials for
that request.
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9224138]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x9224138]: Removing ciphersuite: RSA_AES_256_CBC_SHA256
|<2>| ASSERT: gnutls_handshake.c:921
|<2>| ASSERT: gnutls_handshake.c:586
|<2>| ASSERT: gnutls_handshake.c:2358
|<2>| ASSERT: gnutls_handshake.c:2991
|<6>| BUF[HSK]: Cleared Data from buffer
Error in handshake
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed
|<4>| REC[0x9224138]: Sending Packet[0] Alert(21) with length: 2
|<7>| WRITE: enqueued 7 bytes for 0x5. Total 7 bytes.
|<7>| WRITE FLUSH: 7 bytes in buffer.
|<7>| WRITE: wrote 7 bytes, 0 bytes left.
|<4>| REC[0x9224138]: Sent Packet[1] Alert(21) with length: 7
|<2>| ASSERT: gnutls_record.c:276
|<6>| BUF[HSK]: Cleared Data from buffer
|<4>| REC[0x9224138]: Epoch #0 freed
|<4>| REC[0x9224138]: Epoch #1 freed
The client reports :
Resolving 'rilynn.me.uk'...
Connecting to '192.168.0.1:1234'...
|<4>| REC[0x89c9238]: Allocating epoch #0
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x89c9238]: Allocating epoch #1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x89c9238]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x89c9238]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<2>| EXT[0x89c9238]: Sending extension SERVER NAME (17 bytes)
|<2>| EXT[0x89c9238]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<2>| EXT[0x89c9238]: Sending extension SESSION TICKET (0 bytes)
|<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
|<2>| EXT[0x89c9238]: Sending extension SIGNATURE ALGORITHMS (6 bytes)
|<3>| HSK[0x89c9238]: CLIENT HELLO was sent [113 bytes]
|<6>| BUF[HSK]: Inserted 113 bytes of Data
|<7>| HWRITE: enqueued 113. Total 113 bytes.
|<7>| HWRITE FLUSH: 113 bytes in buffer.
|<4>| REC[0x89c9238]: Sending Packet[0] Handshake(22) with length: 113
|<7>| WRITE: enqueued 118 bytes for 0x4. Total 118 bytes.
|<4>| REC[0x89c9238]: Sent Packet[1] Handshake(22) with length: 118
|<7>| HWRITE: wrote 113 bytes, 0 bytes left.
|<7>| WRITE FLUSH: 118 bytes in buffer.
|<7>| WRITE: wrote 118 bytes, 0 bytes left.
|<7>| READ: Got 5 bytes from 0x4
|<7>| READ: read 5 bytes from 0x4
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x89c9238]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x89c9238]: Received Packet[0] Alert(21) with length: 2
|<7>| READ: Got 2 bytes from 0x4
|<7>| READ: read 2 bytes from 0x4
|<7>| RB: Have 5 bytes into buffer. Adding 2 bytes.
|<7>| RB: Requested 7 bytes
|<4>| REC[0x89c9238]: Decrypted Packet[0] Alert(21) with length: 2
|<4>| REC[0x89c9238]: Alert[2|40] - Handshake failed - was received
|<2>| ASSERT: gnutls_record.c:726
|<2>| ASSERT: gnutls_record.c:1122
|<2>| ASSERT: gnutls_handshake.c:2762
|<6>| BUF[HSK]: Cleared Data from buffer
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
|<4>| REC: Sending Alert[2|80] - Internal error
|<4>| REC[0x89c9238]: Sending Packet[1] Alert(21) with length: 2
|<7>| WRITE: enqueued 7 bytes for 0x4. Total 7 bytes.
|<7>| WRITE FLUSH: 7 bytes in buffer.
|<7>| WRITE: wrote 7 bytes, 0 bytes left.
|<4>| REC[0x89c9238]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
|<6>| BUF[HSK]: Cleared Data from buffer
|<4>| REC[0x89c9238]: Epoch #0 freed
|<4>| REC[0x89c9238]: Epoch #1 freed
Using a priority string of SECURE128 for outgoing SMTP connections in Debian
exim also fails between two Wheezy boxes, which is how I noticed the problem
in the first place.
Also, gnutls appears to prefer to use the weakest available cipher instead of
the strongest, which seems a bit odd.
Thanks,
Roger
-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls26 depends on:
ii libc6 2.13-38
ii libgcrypt11 1.5.0-5
ii libp11-kit0 0.12-3
ii libtasn1-3 2.13-2
ii multiarch-support 2.13-38
ii zlib1g 1:1.2.7.dfsg-13
libgnutls26 recommends no packages.
libgnutls26 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.12.23-17+rm
Dear submitter,
as the package gnutls26 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767610
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
