Debugging connection failure (GnuTLS TLS alert)?

Sebastian Kayser sebastian at skayser.de
Fri Mar 26 12:14:32 EDT 2010


Greetings,

I am using pidgin 2.6.6 with GnuTLS 2.8.6 and the company XMPP server
drops my connection attempt with a TLS alert right after the TLS client
hello. Company IT says "known issue with GnuTLS, use NSS instead". Is
there any way to narrow down and possibly solve this issue instead of
simply falling back to NSS (which wouldn't be that easy to do as we are
using distro provided packages)?

The following is the connection relevant, (anonymized) excerpt from

$ PURPLE_GNUTLS_DEBUG=9 pidgin -d

I don't have access to the XMPP server. Client platform is Solaris 10
x86. Please tell me if you feel that this is something which should be
taken to the GnuTLS guys instead.

(17:02:09) dnsquery: IP resolved for xmpp.company.com
(17:02:09) proxy: Attempting connection to x.x.x.x
(17:02:09) proxy: Connecting to xmpp.company.com:5223 with no proxy
(17:02:09) proxy: Connection in progress
(17:02:09) proxy: Connecting to xmpp.company.com:5223.
(17:02:09) proxy: Connected to xmpp.company.com:5223.
(17:02:09) gnutls: Starting handshake with xmpp.company.com
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
(17:02:09) gnutls: lvl 3: HSK[85dc038]: Keeping ciphersuite: RSA_ARCFOUR_MD5
(17:02:09) gnutls: lvl 3: HSK[85dc038]: CLIENT HELLO was send [65 bytes]
(17:02:09) gnutls: lvl 4: REC[85dc038]: Sending Packet[0] Handshake(22) with length: 65
(17:02:09) gnutls: lvl 2: ASSERT: gnutls_cipher.c:204
(17:02:09) gnutls: lvl 4: REC[85dc038]: Sent Packet[1] Handshake(22) with length: 70
(17:02:09) gnutls: lvl 2: ASSERT: gnutls_buffers.c:322
(17:02:09) gnutls: lvl 2: ASSERT: gnutls_buffers.c:1032
(17:02:09) gnutls: lvl 2: ASSERT: gnutls_handshake.c:1045
(17:02:10) gnutls: lvl 4: REC[85dc038]: Expected Packet[0] Handshake(22) with length: 1
(17:02:10) gnutls: lvl 4: REC[85dc038]: Received Packet[0] Alert(21) with length: 2
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_cipher.c:204
(17:02:10) gnutls: lvl 4: REC[85dc038]: Decrypted Packet[0] Alert(21) with length: 2
(17:02:10) gnutls: lvl 4: REC[85dc038]: Alert[2|0] - Close notify - was received
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_record.c:695
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_record.c:1048
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_buffers.c:1032
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_handshake.c:1045
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_handshake.c:2364
(17:02:10) gnutls: Handshake failed. Error A TLS fatal alert has been received.
(17:02:10) connection: Connection error on 858e730 (reason: 5 description: SSL Handshake Failed)
(17:02:10) gnutls: lvl 2: ASSERT: gnutls_record.c:262
(17:02:10) account: Disconnecting account sebastian.kayser at company.com/XMPP (8193260)
(17:02:10) connection: Disconnecting connection 858e730
(17:02:10) connection: Destroying connection 858e730

Sebastian



More information about the Support mailing list