Cannot connect to github.com, download.mono-project.com

Description of problem:

GnuTLS based applications fail to connect to github.com and download.monoproject.com

Version of gnutls used:

3.6.13

Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu 20.04 Focal Fossa

How reproducible:

Consistently reproducable

Steps to Reproduce:

git clone https://github.com/prominic/groovy-language-server.git

echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
sudo apt update

Actual results:

GIT_CURL_VERBOSE=1 git clone https://github.com/prominic/groovy-language-server.git

Cloning into 'groovy-language-server'...
* Couldn't find host github.com in the .netrc file; using defaults
*   Trying 140.82.118.4:443...
* TCP_NODELAY set
* Connected to github.com (140.82.118.4) port 443 (#0)
* found 388 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the pull function.
* Closing connection 0
fatal: unable to access 'https://github.com/prominic/groovy-language-server.git/': gnutls_handshake() failed: Error in the pull function.

sudo apt update

...
Get:11 http://ae.archive.ubuntu.com/ubuntu focal-updates/universe i386 Packages [20.0 kB]                            
Get:12 http://ae.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [27.2 kB]                           
Ign:13 https://download.mono-project.com/repo/ubuntu stable-bionic InRelease                                               
Err:14 https://download.mono-project.com/repo/ubuntu stable-bionic Release
  Could not wait for server fd - select (11: Resource temporarily unavailable) [IP: 152.199.19.161 443]

Expected results:

git clone succeeds
sudo apt update succeeds

I already posted about this in #984 (comment 339171011) but in hindsight I don't think this is the same issue, so I'm creating a separate issue for this.

$ gnutls-cli github.com
Processed 128 CA certificate(s).
Resolving 'github.com:443'...
Connecting to '140.82.118.4:443'...
*** Fatal error: The operation timed out

Versions:

$ apt show libgnutls30
Package: libgnutls30
Version: 3.6.13-2ubuntu1

$ apt show gnutls-bin
Package: gnutls-bin
Version: 3.6.13-2ubuntu1

OpenSSL-linked curl works fine, so do browsers, wget... I also have a Linux Mint 19.2 VM (based on Ubuntu bionic), where I have none of these issues. On the same network btw. No proxies involved here, no authentication required anywhere.

debug.txt

Edited May 08, 2020 by Maarten Boekhold