[Bug 1444656] Re: GnuTLS TLS 1.2 handshake failure

Seth Arnold 1444656 at bugs.launchpad.net
Wed Mar 15 00:01:56 UTC 2017 

Hello Samuel, thanks for doing this investigation. This feels like a
reasonable change to address through a Stable Release Update; the
process is a bit involved, but largely so we're sure we don't break
existing users in the process.

Are you in a position where you can prepare a debdiff? There's some
guidelines on https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
(it's not a perfect match since that page is for security updates, not
SRUs, but it's hopefully helpful.)

See also https://wiki.ubuntu.com/StableReleaseUpdates

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1444656

Title:
  GnuTLS TLS 1.2 handshake failure

Status in gnutls26 package in Ubuntu:
  Invalid
Status in gnutls26 source package in Trusty:
  Triaged

Bug description:
  I'm experiencing the same issue as here:

  http://comments.gmane.org/gmane.network.gnutls.general/3713

  
  I came across a SSL handshake problem with gnutls-cli when connecting to 
  some websites, see below. It is somehow specific to gnutls as 
  openssl/Chrome/Firefox can connect fine. 

  Is this is a bug in gnutls or do you have any ideas how to
  troubleshoot it?

  $ gnutls-cli --version
  gnutls-cli (GnuTLS) 2.12.23
  Packaged by Debian (2.12.23-12ubuntu2.1)

  $ gnutls-cli www.openlearning.com
  Resolving 'www.openlearning.com'...
  Connecting to '119.9.9.205:443'...
  *** Fatal error: A TLS fatal alert has been received.
  *** Received alert [40]: Handshake failed
  *** Handshake has failed
  GnuTLS error: A TLS fatal alert has been received.

  $ gnutls-cli sequencewiz.com
  Resolving 'sequencewiz.com'...
  Connecting to '50.112.144.117:443'...
  *** Fatal error: A TLS packet with unexpected length was received.
  *** Handshake has failed
  GnuTLS error: A TLS packet with unexpected length was received.

  Thank you,

  
  Please back port the latest GnuTLS to Trusty as it is an LTS release and clearly GnuTLS 2.12 is an old branch.

  I've also attached packet captures of this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1444656/+subscriptions

More information about the foundations-bugs mailing list