gooparm Posted August 17, 2022 Share Posted August 17, 2022 (edited) I'm not sure this is right place to submit libgnutls30 armbian package issues. If anyone libgnutls30 to 3.6.7.4-deb10u9, you may have trouble to connect some SSL destinations. I revert it back to 10u7, then problem was gone. 20220817.05:18:10 root@armbianr2s:~/lkm# echo -e "GET / HTTP/1.1\n\n\n" | openssl s_client -connect web.telegram.org:443 -tlsextdebug CONNECTED(00000003) ^C 20220817.05:18:47 root@armbianr2s:~/lkm# #SSL_CONNECTION_PROBLEM_SOME_SITES_AFTER_UPGRADE_libgnutls30_THEN_REBOOT; 20220817.05:19:03 root@armbianr2s:~/lkm# #PROBLEM_ALSO_HAPPENED_WHILE_tcptraceroute_THEREFORE_I_WAS_REALLY_CONFUSED_AND_WASTED_TIME. BECAUSE, tcptrace and python NOTE TO ME Connection Timeout(I_WAS_MISTAKEN_PROBLEM_BETWEEN_NETWORK_PATH_OR_DESTINATION_SERVICE_BLOCKS_MY_IP) 20220817.05:19:45 root@armbianr2s:~/lkm# #BUT,THIS CONNECTION PROBLEM HAPPENDED BY libgnutls30!!! 20220817.05:54:50 root@armbianr2s:~/lkm# apt-get -s install libgnutls30=3.6.7-4+deb10u7 Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: gnutls-bin The following packages will be DOWNGRADED: libgnutls30 0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded. Inst libgnutls30 [3.6.7-4+deb10u9] (3.6.7-4+deb10u7 Debian:10.12/oldstable [arm64]) Conf libgnutls30 (3.6.7-4+deb10u7 Debian:10.12/oldstable [arm64]) 20220817.05:55:11 root@armbianr2s:~/lkm# echo -e "GET / HTTP/1.1\n\n\n" | openssl s_client -connect web.telegram.org:443 -tlsextdebug CONNECTED(00000003) TLS server extension "supported versions" (id=43), len=2 0000 - 03 04 .. TLS server extension "key share" (id=51), len=36 0000 - 00 1d 00 20 cc c3 07 cd-ca 4c 1a ae db 51 b9 e3 ... .....L...Q.. 0010 - 86 02 18 3e fa b5 b7 bd-0d f2 27 20 fb e8 c9 a5 ...>......' .... 0020 - 16 45 ff 08 .E.. TLS server extension "server name" (id=0), len=0 depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 verify return:1 depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 verify return:1 depth=0 OU = Domain Control Validated, CN = *.web.telegram.org verify return:1 --- Certificate chain 0 s:OU = Domain Control Validated, CN = *.web.telegram.org i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority 3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGvDCCBaSgAwIBAgIJAJjKNDH6CCbXMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD ..SNIP.. ..SNIP.. ..SNIP.. xFtIy/Z3OffAcOWV/l+xh7s/8E/cqSNLOvnDPCgCW1s98JWw7xwL+EwGYxS4N2pY -----END CERTIFICATE----- subject=OU = Domain Control Validated, CN = *.web.telegram.org issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5720 bytes and written 388 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE 20220817.05:55:28 root@armbianr2s:~/lkm# Edited August 17, 2022 by gooparm 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.