gooparm Posted August 17, 2022 Posted August 17, 2022 (edited) I'm not sure this is right place to submit libgnutls30 armbian package issues. If anyone libgnutls30 to 3.6.7.4-deb10u9, you may have trouble to connect some SSL destinations. I revert it back to 10u7, then problem was gone. 20220817.05:18:10 root@armbianr2s:~/lkm# echo -e "GET / HTTP/1.1\n\n\n" | openssl s_client -connect web.telegram.org:443 -tlsextdebug CONNECTED(00000003) ^C 20220817.05:18:47 root@armbianr2s:~/lkm# #SSL_CONNECTION_PROBLEM_SOME_SITES_AFTER_UPGRADE_libgnutls30_THEN_REBOOT; 20220817.05:19:03 root@armbianr2s:~/lkm# #PROBLEM_ALSO_HAPPENED_WHILE_tcptraceroute_THEREFORE_I_WAS_REALLY_CONFUSED_AND_WASTED_TIME. BECAUSE, tcptrace and python NOTE TO ME Connection Timeout(I_WAS_MISTAKEN_PROBLEM_BETWEEN_NETWORK_PATH_OR_DESTINATION_SERVICE_BLOCKS_MY_IP) 20220817.05:19:45 root@armbianr2s:~/lkm# #BUT,THIS CONNECTION PROBLEM HAPPENDED BY libgnutls30!!! 20220817.05:54:50 root@armbianr2s:~/lkm# apt-get -s install libgnutls30=3.6.7-4+deb10u7 Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: gnutls-bin The following packages will be DOWNGRADED: libgnutls30 0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded. Inst libgnutls30 [3.6.7-4+deb10u9] (3.6.7-4+deb10u7 Debian:10.12/oldstable [arm64]) Conf libgnutls30 (3.6.7-4+deb10u7 Debian:10.12/oldstable [arm64]) 20220817.05:55:11 root@armbianr2s:~/lkm# echo -e "GET / HTTP/1.1\n\n\n" | openssl s_client -connect web.telegram.org:443 -tlsextdebug CONNECTED(00000003) TLS server extension "supported versions" (id=43), len=2 0000 - 03 04 .. TLS server extension "key share" (id=51), len=36 0000 - 00 1d 00 20 cc c3 07 cd-ca 4c 1a ae db 51 b9 e3 ... .....L...Q.. 0010 - 86 02 18 3e fa b5 b7 bd-0d f2 27 20 fb e8 c9 a5 ...>......' .... 0020 - 16 45 ff 08 .E.. TLS server extension "server name" (id=0), len=0 depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 verify return:1 depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 verify return:1 depth=0 OU = Domain Control Validated, CN = *.web.telegram.org verify return:1 --- Certificate chain 0 s:OU = Domain Control Validated, CN = *.web.telegram.org i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority 3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGvDCCBaSgAwIBAgIJAJjKNDH6CCbXMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD ..SNIP.. ..SNIP.. ..SNIP.. xFtIy/Z3OffAcOWV/l+xh7s/8E/cqSNLOvnDPCgCW1s98JWw7xwL+EwGYxS4N2pY -----END CERTIFICATE----- subject=OU = Domain Control Validated, CN = *.web.telegram.org issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5720 bytes and written 388 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE 20220817.05:55:28 root@armbianr2s:~/lkm# Edited August 17, 2022 by gooparm 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.