Re: Error running auto-key-locate wkd in Windows 10

2020-03-27 Thread gus
On Fri, Mar 27, 2020 at 03:42:39PM +0100, Ingo Klöcker wrote:
> On Freitag, 27. März 2020 09:48:01 CET Werner Koch via Gnupg-users wrote:
> > That is: "Fatal alert message received" which comes from the TLS
> > layer.  To see the actual cause you need to add
> > 
> >   log-file /some/file
> >   tls-debug 2
> > 
> > or a higher level to dirmngr.conf and "gpgconf --reload dirmngr".  For
> > me a
> > 
> >   gpg --locate-external-keys -v torbrow...@torproject.org
> > 
> > (--locate-external-key is easier to type than yours.  It excludes the
> >  local keys and thus always goes out to the WKD) then gives:
> > 
> >   DBG: ntbtls(2): got an alert message, type: [2:40]
> >   DBG: ntbtls(1): is a fatal alert message (msg 40)
> >   DBG: ntbtls(1): (handshake failed)
> >   DBG: ntbtls(1): read_record returned: Fatal alert message received 
> >   DBG: ntbtls(2): handshake ready
> >   TLS handshake failed: Fatal alert message received 
> >   error connecting to 'https://openpgpkey.tor[...]
> > 
> > A reason for the failed handshake might be that no common parameters
> > could be found.
> 
> Probably, no matching cipher suite. According to ssllabs.com/ssltest 
> openpgpkey.torproject.org (well, at least one of the actual servers) only 
> supports the following cipher suites:
> # TLS 1.3 (server has no preference)
> TLS_AES_128_GCM_SHA256
> TLS_AES_256_GCM_SHA384
> TLS_CHACHA20_POLY1305_SHA256
> 
> # TLS 1.2 (server has no preference)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 
> I think none of those matches any of those in the output of ntbtls in your 
> message.
> 
> Regards,
> Ingo
> 

It was a ciphersuite change on our server, and it's fixed now.

Thanks all!

Gus

-- 
The Tor Project
Community Team Lead
http://expyuzz4wqqyqhjn.onion/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Error running auto-key-locate wkd in Windows 10

2020-03-27 Thread Ingo Klöcker
On Freitag, 27. März 2020 09:48:01 CET Werner Koch via Gnupg-users wrote:
> That is: "Fatal alert message received" which comes from the TLS
> layer.  To see the actual cause you need to add
> 
>   log-file /some/file
>   tls-debug 2
> 
> or a higher level to dirmngr.conf and "gpgconf --reload dirmngr".  For
> me a
> 
>   gpg --locate-external-keys -v torbrow...@torproject.org
> 
> (--locate-external-key is easier to type than yours.  It excludes the
>  local keys and thus always goes out to the WKD) then gives:
> 
>   DBG: ntbtls(2): got an alert message, type: [2:40]
>   DBG: ntbtls(1): is a fatal alert message (msg 40)
>   DBG: ntbtls(1): (handshake failed)
>   DBG: ntbtls(1): read_record returned: Fatal alert message received 
>   DBG: ntbtls(2): handshake ready
>   TLS handshake failed: Fatal alert message received 
>   error connecting to 'https://openpgpkey.tor[...]
> 
> A reason for the failed handshake might be that no common parameters
> could be found.

Probably, no matching cipher suite. According to ssllabs.com/ssltest 
openpgpkey.torproject.org (well, at least one of the actual servers) only 
supports the following cipher suites:
# TLS 1.3 (server has no preference)
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

# TLS 1.2 (server has no preference)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

I think none of those matches any of those in the output of ntbtls in your 
message.

Regards,
Ingo
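
The check Ingo did by eye can be done mechanically. The following Python script is an added illustration and is not code from GnuPG, Tor or anyone in the thread: it parses the "add ciphersuite" lines and the alert record from a dirmngr tls-debug log (the ntbtls output Werner quoted above), converts ntbtls's dashed suite names to the IANA spelling that ssllabs uses, and intersects the offered suites with the server's advertised list. The log excerpt and the server list are embedded as constructed samples mirroring the thread; the function names are mine.

```python
"""Check a dirmngr tls-debug log for a cipher-suite mismatch.

Added illustration, not code from GnuPG or the thread: it reads the
"add ciphersuite" lines ntbtls logs for the ClientHello and the alert record
the peer answered with, then intersects the offered suites with a list of
suites the server accepts (e.g. copied from an ssllabs report).
"""
import re

# TLS AlertDescription codes from RFC 5246, section 7.2 (subset).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 50: "decode_error",
    51: "decrypt_error", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 110: "unsupported_extension",
}

# Constructed sample of dirmngr's tls-debug output, in the same format as the
# lines quoted in the thread (shortened to four offered suites).
SAMPLE_LOG = """\
DBG: ntbtls(2): client state: 1 (client_hello)
DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite:   107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:    61 TLS-RSA-WITH-AES-256-CBC-SHA256
DBG: ntbtls(2): got an alert message, type: [2:40]
DBG: ntbtls(1): is a fatal alert message (msg 40)
TLS handshake failed: Fatal alert message received
"""

# Suites the server accepted according to the ssllabs report quoted in the thread.
SERVER_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}

SUITE_RE = re.compile(r"add ciphersuite:\s*(\d+)\s+(TLS-\S+)")
ALERT_RE = re.compile(r"got an alert message, type: \[(\d+):(\d+)\]")


def iana_name(ntbtls_name):
    """ntbtls logs dashed names (TLS-ECDHE-RSA-...); IANA and ssllabs use underscores."""
    return ntbtls_name.replace("-", "_")


def parse_ntbtls_log(text):
    """Return (offered, alerts): offered = [(code, IANA name)] in ClientHello order,
    alerts = [(level, description)] for every alert record the peer sent."""
    offered, alerts = [], []
    for line in text.splitlines():
        m = SUITE_RE.search(line)
        if m:
            offered.append((int(m.group(1)), iana_name(m.group(2))))
            continue
        m = ALERT_RE.search(line)
        if m:
            alerts.append((int(m.group(1)), int(m.group(2))))
    return offered, alerts


def diagnose(log_text, server_suites):
    """Intersect offered suites with the server's list and read the fatal alert."""
    offered, alerts = parse_ntbtls_log(log_text)
    common = [name for _, name in offered if name in server_suites]
    # AlertLevel 2 is "fatal" (RFC 5246, section 7.2).
    fatal = [ALERT_DESCRIPTIONS.get(d, f"alert_{d}") for level, d in alerts if level == 2]
    if "handshake_failure" in fatal and not common:
        cause = "no cipher suite in common with the server"
    elif fatal:
        cause = ("fatal alert " + ", ".join(fatal)
                 + "; suites overlap, so check protocol version, certificate or extensions")
    else:
        cause = "no fatal alert found in log"
    return {"offered": offered, "common": common, "fatal_alerts": fatal, "likely_cause": cause}


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG, SERVER_SUITES)
    print(f"client offered {len(result['offered'])} suites, "
          f"{len(result['common'])} accepted by server")
    print("fatal alerts:", result["fatal_alerts"])
    print("likely cause:", result["likely_cause"])
```

In practice you would feed it the file named by `log-file` in dirmngr.conf instead of the embedded sample. On the sample the intersection is empty, which is the pattern Ingo pointed out: the client offers only CBC suites while the server accepts only AES-GCM and ChaCha20-Poly1305, so the server answers the ClientHello with a fatal handshake_failure (alert 40) before any certificate is exchanged.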



Re: Error running auto-key-locate wkd in Windows 10

2020-03-27 Thread Werner Koch via Gnupg-users
On Thu, 26 Mar 2020 17:55, gus said:

>   gpg: error retrieving 'torbrow...@torproject.org' via WKD: Ricevuto un messaggio di avviso fatale
>   gpg: error reading key: Ricevuto un messaggio di avviso fatale

That is: "Fatal alert message received" which comes from the TLS
layer.  To see the actual cause you need to add

  log-file /some/file
  tls-debug 2

or a higher level to dirmngr.conf and "gpgconf --reload dirmngr".  For
me a

  gpg --locate-external-keys -v torbrow...@torproject.org

(--locate-external-key is easier to type than yours.  It excludes the
 local keys and thus always goes out to the WKD) then gives:
  
  DBG: ntbtls(2): got an alert message, type: [2:40]
  DBG: ntbtls(1): is a fatal alert message (msg 40)
  DBG: ntbtls(1): (handshake failed)
  DBG: ntbtls(1): read_record returned: Fatal alert message received 
  DBG: ntbtls(2): handshake ready
  TLS handshake failed: Fatal alert message received 
  error connecting to 'https://openpgpkey.tor[...]

A reason for the failed handshake might be that no common parameters
could be found.  We would need to look at the server log or run tests
with that server to see what it expects.  I copy the full TLS log below.
I have no GNUTLS based build currently available; if that works, its log
could also give some conclusion.  However, on Windows we always use
NTBTLS.
Salam-Shalom,

   Werner


--8<---cut here---start->8---
DBG: ntbtls(2): handshake
DBG: ntbtls(2): client state: 0 (hello_request)
DBG: ntbtls(3): flush output
DBG: ntbtls(2): client state: 1 (client_hello)
DBG: ntbtls(3): flush output
DBG: ntbtls(2): write client_hello
DBG: ntbtls(3): client_hello, max version: [3:3]
DBG: ntbtls(3): client_hello, current time: 1585298512
DBG: client_hello, random bytes: 5e7dbc5008b76aa83d09c4393a4bdbe792ad9fee5198c6d9f88357ad16020156
DBG: ntbtls(3): client_hello, session id len.: 0
DBG: client_hello, session id: 
DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite:   107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49172 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:    57 TLS-DHE-RSA-WITH-AES-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49271 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite:   196 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:   136 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:   103 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49171 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:    51 TLS-DHE-RSA-WITH-AES-128-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49270 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:   190 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:    69 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49170 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:    22 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite:   179 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite: 49206 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:   145 TLS-DHE-PSK-WITH-AES-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49307 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite: 49303 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
DBG: ntbtls(5): client_hello, add ciphersuite: 49207 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:   178 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49205 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:   144 TLS-DHE-PSK-WITH-AES-128-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite: 49302 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49306 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite: 49204 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:   143 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:    61 TLS-RSA-WITH-AES-256-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:    53 TLS-RSA-WITH-AES-256-CBC-SHA
DBG: ntbtls(5): client_hello, add ciphersuite:   192 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
DBG: ntbtls(5): client_hello, add ciphersuite:   132