Connection problems with older servers (record packet with invalid length was received)
Description of problem:
When connecting to an older server, sometimes the connection is terminated because of invalid record length errors. To me it looks as if newer versions of GnuTLS are too strict in record length checking (however I am not an expert).
This could have something to do with plaintext length vs. padded length or similar.
Version of gnutls used:
On client side:
tried with 3.6.9-1, 3.6.8-2 and 3.6.7-4.
On server side:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Debian (buster); also tried the sid and experimental versions on said buster client.
Steps to Reproduce:
Run on older Ubuntu 14.04 machine:
gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem
Run on buster or newer client machine:
pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 server.machine
Processed 130 CA certificate(s). Resolving 'redacted'... Connecting to 'redacted:5556'... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate info: - subject `CN=redacted', issuer `CN=redacted', serial 0x00e120b43d69e2e4d8, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-07-06 10:03:48 UTC', expires `2027-07-04 10:03:48 UTC', pin-sha256="SxggXxyfEDi9fmVyLwzPN9yE5y69T92aF8CBdGMe9Rc=" Public Key ID: sha1:21c8b2ecfc2b23da00de3371a4aa7bb8b8fc13bc sha256:4b18205f1c9f1038bd7e65722f0ccf37dc84e72ebd4fdd9a17c08174631ef517 Public Key PIN: pin-sha256:SxggXxyfEDi9fmVyLwzPN9yE5y69T92aF8CBdGMe9Rc= - Successfully sent 0 certificate(s) to server. - Description: (TLS1.2)-(RSA)-(AES-256-CBC)-(SHA1) - Session ID: 74:27:72:45:ED:A4:AA:BD:4C:06:1C:43:3D:1C:71:3D:AE:02:14:06:7D:72:25:01:ED:4F:50:BF:C5:67:1C:79 - Options: safe renegotiation, - Handshake was completed - Simple Client Mode: |<1>| Received packet with illegal length: 16624 *** Fatal error: A TLS record packet with invalid length was received. *** Server has terminated the connection abnormally.
No error shown on server:
* Successful handshake from IPv4 REDACTED_IP port 43420 - Given server name: ldap.indurad.x - Certificate type: X.509 No certificates found! - Could not verify certificate (err: The peer did not send any certificate.) - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-256-CBC - MAC: SHA1 - Compression: NULL received: pheedei [...]
The client should not disconnect and show the bytes that were sent to the server (because server echoes back).
This has been reported to Debian as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933538
I am the bug reporter (not the package maintainer), however I am involved in Debian and would also be willing to dig a little deeper, but currently am not familiar with the GnuTLS code. But if someone can point me to some commits that recently changed anything about record length checking I would be willing to try some things out.
Also I'd be interested how I might debug whether it is the server that does not follow the specs or the client that is too strict. I'd reason GnuTLS should however at least support older GnuTLS servers' behavior - even if it is out of spec.