|

GNUTLS ERROR: A TLS packet with unexpected length was received.

View: New views

3 Messages — Rating Filter: Alert me

	GNUTLS ERROR: A TLS packet with unexpected length was received. by darkdemun :: Rate this Message: \| View Threaded \| Show Only this Message Hi, I'm making a SSL IRC bot just for learning. The thing is I get "GNUTLS ERROR: A TLS packet with unexpected length was received." when handshaking every 4 connections (and if i keep trying to connect it'll keep happening till i wait for a bit) and i have no idea why, I have attached a log from gnutls-cli. Also I don't get the error when connecting to a inspircd server (only tried connecting to unrealircd servers), I'm using x509 certificate authentication and basically using the code from the examples. I'm using windows by the way, If any of you could help i'd greatly appreciate it. -- Cain. \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: RSA_ARCFOUR_MD5 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 \|<3>\| HSK[9b5be8]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 \|<3>\| HSK[9b5be8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 \|<2>\| EXT[9b5be8]: Sending extension CERT_TYPE \|<2>\| EXT[9b5be8]: Sending extension SERVER_NAME \|<3>\| HSK[9b5be8]: CLIENT HELLO was send [43775681070366843 bytes] \|<6>\| BUF[HSK]: Peeked 0 bytes of Data \|<6>\| BUF[HSK]: Emptied buffer \|<4>\| REC[9b5be8]: Sending Packet[0] Handshake(22) with length: 123 \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_cipher.c:205 \|<7>\| WRITE: Will write 128 bytes to 1916. \|<7>\| WRITE: wrote 128 bytes to 1916. Left 0 bytes. Total 128 bytes. \|<7>\| 0000 - 16 03 02 00 7b 01 00 00 77 03 02 48 b4 89 0f b9 \|<7>\| 0001 - 0d df c7 eb cc af b0 8e 9d 29 91 64 c1 ce 40 03 \|<7>\| 0002 - b9 21 91 44 11 f0 2d 19 5c 26 bc 00 00 34 00 33 \|<7>\| 0003 - 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87 \|<7>\| 0004 - 00 13 00 66 00 90 00 91 00 8f 00 8e 00 2f 00 41 \|<7>\| 0005 - 00 35 00 84 00 0a 00 05 00 04 00 8c 00 8d 00 8b \|<7>\| 0006 - 00 8a 01 00 00 1a 00 09 00 03 02 00 01 00 00 00 \|<7>\| 0007 - 0f 00 0d 00 00 0a 74 6c 73 65 72 76 2e 63 6f 6d \|<7>\| 0008 - \|<4>\| REC[9b5be8]: Sent Packet[1] Handshake(22) with length: 128 \|<7>\| READ: Got 5 bytes from 1916 \|<7>\| READ: read 5 bytes from 1916 \|<7>\| 0000 - 45 52 52 4f 52 \|<7>\| RB: Have 0 bytes into buffer. Adding 5 bytes. \|<7>\| RB: Requested 5 bytes \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:506 \|<4>\| REC[9b5be8]: Expected Packet[0] Handshake(22) with length: 1 \|<4>\| REC[9b5be8]: Received Packet[0] Unknown Packet(69) with length: 20306 \|<4>\| REC[9b5be8]: FATAL ERROR: Received packet with length: 20306 \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:959 \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_buffers.c:1152 \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_handshake.c:1032 \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_handshake.c:2331 \|<6>\| BUF[HSK]: Cleared Data from buffer * Fatal error: A TLS packet with unexpected length was received. * Handshake has failed GNUTLS ERROR: A TLS packet with unexpected length was received. _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: GNUTLS ERROR: A TLS packet with unexpected length was received. by Simon Josefsson-2 :: Rate this Message: \| View Threaded \| Show Only this Message darkdemun <darkdemun@...> writes: > Hi, I'm making a SSL IRC bot just for learning. The thing is I get "GNUTLS > ERROR: A TLS packet with unexpected length was received." when handshaking > every 4 connections (and if i keep trying to connect it'll keep happening > till i wait for a bit) and i have no idea why, I have attached a log from > gnutls-cli. > Also I don't get the error when connecting to a inspircd server (only tried > connecting to unrealircd servers), I'm using x509 certificate authentication > and basically using the code from the examples. I'm using windows by the > way, If any of you could help i'd greatly appreciate it. ... > \|<3>\| HSK[9b5be8]: CLIENT HELLO was send [43775681070366843 bytes] That was an unrelated problem: I've fixed the debug message to be somewhat more correct. > \|<4>\| REC[9b5be8]: Sending Packet[0] Handshake(22) with length: 123 > \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_cipher.c:205 That seems strange, I'm not sure why that happens. Do you get this error on the successful connections too? > \|<7>\| READ: Got 5 bytes from 1916 > \|<7>\| READ: read 5 bytes from 1916 > \|<7>\| 0000 - 45 52 52 4f 52 > \|<7>\| RB: Have 0 bytes into buffer. Adding 5 bytes. > \|<7>\| RB: Requested 5 bytes > \|<2>\| ASSERT: ../../../src/gnutls-2.4.1/lib/gnutls_record.c:506 > \|<4>\| REC[9b5be8]: Expected Packet[0] Handshake(22) with length: 1 > \|<4>\| REC[9b5be8]: Received Packet[0] Unknown Packet(69) with length: 20306 > \|<4>\| REC[9b5be8]: FATAL ERROR: Received packet with length: 20306 If you decode the received 5 bytes of data, you'll see that it says 'ERROR'. Thus, the server is not talking TLS any more, but instead sent you an unencrypted 'ERROR' message. Presumably the server's TLS library failed, and the server didn't know what to do. It would help if you could debug things on the server side as well. Things to try is to disable all TLS extensions and enable compatibility hacks. Try gnutls-cli --priority NORMAL:%COMPAT And then disable more things too. /Simon _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls
	Re: GNUTLS ERROR: A TLS packet with unexpected length was received. by John Brooks-6 :: Rate this Message: \| View Threaded \| Show Only this Message Drawing on my knowledge of unrealircd for this (which is somewhat outdated, but I believe still correct), my guess is that you're hitting the throttling limit of the ircd. After a certain number of connections from an IP in a certain amount of time, it starts rejecting new ones - and I wouldn't be suprised if it rejects their handshakes as well (save resources, DDoS prevention). I believe this is configurable - check the config and try connecting repeatedly without SSL to see what it says. Another possibility is that the IP is Z-Lined; unrealircd will send an ERROR in plaintext even if you attempt to connect with SSL (which will show up as exactly that error). Again, to prevent excess resource usage and help stop DDoS. Either way, i'm inclined to think that this is one of those two slightly misguided features of unrealircd, rather than a SSL issue. Inspircd is better anyway :P - John Brooks On Tue, Aug 26, 2008 at 5:01 PM, darkdemun <darkdemun@...> wrote: Hi, I'm making a SSL IRC bot just for learning. The thing is I get "GNUTLS ERROR: A TLS packet with unexpected length was received." when handshaking every 4 connections (and if i keep trying to connect it'll keep happening till i wait for a bit) and i have no idea why, I have attached a log from gnutls-cli. Also I don't get the error when connecting to a inspircd server (only tried connecting to unrealircd servers), I'm using x509 certificate authentication and basically using the code from the examples. I'm using windows by the way, If any of you could help i'd greatly appreciate it. -- Cain. _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls _______________________________________________ Help-gnutls mailing list Help-gnutls@... http://lists.gnu.org/mailman/listinfo/help-gnutls