Hello Michael,

Michael Wohlwend <[email protected]> writes:

> I got a problem with a gnutls client-server connection which breaks after
> sending 64GB of data. Most often less data is sent, so the problem was not
> recognized. I'm using the gnutls version in debian bullseye. One computer is
> still running debian stretch, where it doesn't break, but just happily
> handles more than 64 GB, so I think the client side is responsible for
> closing the connection.

I need a bit more information to answer properly: Are both client and
server programs using GnuTLS? If yes, could you provide the exact
package versions, for both client and server?

> I don't have much knowledge of the gnutls lib and just turned on debug
> output.
>
> The last lines in the log I'm seeing before the connection breaks are:
> [...]
> gnutls[5]: REC: Sending Alert[1|0] - Benachrichtigung schließen (notify close)
> gnutls[5]: REC[0x564834690fd0]: Preparing Packet Alert(21) with length: 2 and min pad: 0
> gnutls[9]: ENC[0x564834690fd0]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 2
[...]
> Has something changed between versions 3.5 and 3.7 which explains that 64G
> border?

64 GB is above the limit of AES-GCM being safely used without rekeying.
If TLS 1.3 is negotiated GnuTLS initiates automatic rekeying, though
TLS 1.3 is a feature supported by GnuTLS 3.6 or later.

Perhaps you could try other ciphers that don't have such a limitation,
e.g., CHACHA20-POLY1305?

Regards,
--
Daiki Ueno
