-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
> Is this reproducile with gnutls-cli or is the respective server > publically accessible? It is reproducible. 1. Create a buster chroot for the server, or something similar. 2. Install gnutls-bin 3.6.6-3 and ssl-cert. 3. Start something like: gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem 4. Create a buster chroot for the client. 5. Install gnutls-bin 3.6.7-2 and pwgen (I used that to generate random blobs of printable data). 6. Try: pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 localhost - From a size of 16383 bytes onwards, I get: |<1>| Received packet with illegal length: 16385 |<1>| Discarded message[1] due to invalid decryption *** Fatal error: A TLS record packet with invalid length was received. *** Server has terminated the connection abnormally. After upgrading the server to 3.6.7-2, the problem goes away. Actually, this might as well be an issue in 3.6.6, that was masked while clients were also 3.6.6… I don't know ;)! - -nik -----BEGIN PGP SIGNATURE----- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz1locxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylrJ7D/9ji2A9+audQYrS1BYInzijlV0QBJLO3ZbAUqt0zhD0jp6Xw9gUKIpW RU/TGNCzPoXusCefCsdRZAXPHt6aMCgu0ir/oPebMqz8PfIDVoqe588E4dF608u1 /QpfpBzf2DJVfwIjuAPXHLpYL7SmCE9HRanRxR1Wdnxg7mfzhnWO0Nq0Ef7+fsvr ADMoQaQ6bXko6zS8g2+7cVcI9WURwaozErSHujBhJQjbKlAkO0hzGlpUgWYuu/gd YghSxaCIQRBuPqoF3prFRA1PkdJnJxaVBaWh15laejxxGZTbb7DRqv7MGewm+LUC oi/QsnfoZ6hdOKCCP4mGzDKn47oZuVh6ldEemhOC7RK0Gzss+1qqx5XXdcOF3Xcr brxEshkYLvSMqzLZP4JaKe8a2joTYcn42yvkszB1FlTLmBJ1sK93bRIdZQf2FYKo RT+2oLITjS9tjRbJjrfoIGzCS0UCiNkJeotYBYS33jHU94igTrLOlayNoCmCe++U KQsn+09eWnGa9jdeAE6gfGzuxz5krvG2dK2cM/+clHak53EkzRQMGX9hKOkpIa0b Bs+0bKiNbCLSQtaYx4x9vSxWJg/3XOe+TXGu6CwvYFRlTW1ZXz5uOHGvbCyFoTPK Q4bbKqP+xmcfdxibx18A2rqMsByNOiNqliC9+3PdreZ2pCPeO3X1PA== =Blay -----END PGP SIGNATURE-----