Ubuntu
openssl package

  1. Bug #795355
  2. Comment #27

Comment 27 for bug 795355

Revision history for this message
James M. Leddy (jm-leddy) wrote : Re: Intermittent SSL connection faults

Okay, hexr is acting up again. Here is some verbose gnutls-client output :

$ gnutls-cli -d 5 hexr.canonical.com
Resolving 'hexr.canonical.com'...
Connecting to '91.189.89.67:443'...
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x10e1b30]: Sending extension CERT_TYPE
|<2>| EXT[0x10e1b30]: Sending extension SERVER_NAME
|<2>| EXT[0x10e1b30]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x10e1b30]: Sending extension SESSION_TICKET
|<2>| EXT[0x10e1b30]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x10e1b30]: CLIENT HELLO was sent [168 bytes]
|<4>| REC[0x10e1b30]: Sending Packet[0] Handshake(22) with length: 168
|<4>| REC[0x10e1b30]: Sent Packet[1] Handshake(22) with length: 173
|<4>| REC[0x10e1b30]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[0] Handshake(22) with length: 57
|<4>| REC[0x10e1b30]: Decrypted Packet[0] Handshake(22) with length: 57
|<3>| HSK[0x10e1b30]: SERVER HELLO was received [57 bytes]
|<3>| HSK[0x10e1b30]: Server's version: 3.1
|<3>| HSK[0x10e1b30]: SessionID length: 0
|<3>| HSK[0x10e1b30]: SessionID:
|<3>| HSK[0x10e1b30]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
|<2>| EXT[0x10e1b30]: Found extension 'SERVER_NAME/0'
|<2>| EXT[0x10e1b30]: Found extension 'SAFE_RENEGOTIATION/65281'
|<2>| EXT[0x10e1b30]: Found extension 'SESSION_TICKET/35'
|<3>| HSK[0x10e1b30]: Safe renegotiation succeeded
|<4>| REC[0x10e1b30]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[1] Handshake(22) with length: 4688
|<4>| REC[0x10e1b30]: Decrypted Packet[1] Handshake(22) with length: 4688
|<3>| HSK[0x10e1b30]: CERTIFICATE was received [4688 bytes]
|<4>| REC[0x10e1b30]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[2] Handshake(22) with length: 525
|<4>| REC[0x10e1b30]: Decrypted Packet[2] Handshake(22) with length: 525
|<3>| HSK[0x10e1b30]: SERVER KEY EXCHANGE was received [525 bytes]
|<2>| ASSERT: gnutls_pk.c:266
|<2>| ASSERT: gnutls_pk.c:336
|<2>| ASSERT: gnutls_sig.c:354
|<2>| ASSERT: gnutls_sig.c:475
|<2>| ASSERT: auth_dhe.c:272
|<2>| ASSERT: gnutls_kx.c:423
|<2>| ASSERT: gnutls_handshake.c:2811
 *** Fatal error: Decryption has failed.
|<4>| REC: Sending Alert[2|20] - Bad record MAC
|<4>| REC[0x10e1b30]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x10e1b30]: Sent Packet[2] Alert(21) with length: 7
 *** Handshake has failed
GnuTLS error: Decryption has failed.