[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Frequent disconnects between openssl client and gnutls server
From:       Greg Martyn <greg.martyn () gmail ! com>
Date:       2013-03-13 17:13:16
Message-ID: CAJt6_8vmSusF6e-rdLQYgo0Nq1ss5neUX=Pcqm5hEucn0BHJmQ () mail ! gmail ! com
[Download RAW message or body]

I spend most of my day connected to two SSL-secured IRC servers and
one unsecured IRC server. The IRC servers both use GnuTLS. My IRC
client uses OpenSSL.

After upgrading my local system from openssl-1.0.1c-7.fc18.x86_64 to
openssl-1.0.1e-3.fc18.x86_64, I would frequently get disconnected from
the secure IRC servers. It would only happen to one at a time. I'd be
connected, then a minute later get disconnected, my IRC client would
automatically reconnect 10 seconds later, then the situation would
repeat itself. Over and over again, dozens of times before going back
to normal. I'd be able to talk in the channels for only a couple of
seconds before getting disconnected. Meanwhile I'd be connected to the
other servers with no problems. Then it'd go for a while with no
problems at all and the other secure server would start having
trouble. If it were a connection problem on my end, I'd think that
both servers would have trouble at the same time. Throughout this, I
remain connected to the unsecure server without issue. Rebooting the
IRC daemon on the server seems to cause the issue to go away for a
while, but it also disconnects the other users so I'd rather not do
that.

After downgrading to openssl-1.0.1c-7.fc18.x86_64, the problem went away.

When the disconnection happens, the client log shows:
[11:30] [Error] Connection to server server1.example.com (port 6667)
lost: Unknown error.
The server logs show:
QUIT: Client exiting: A TLS packet with unexpected length was received.

I'm using the Konversation IRC client, which uses OpenSSL. The servers
are running the InspIRCd server, with a GnuTLS module that handles
SSL.

Are there any known issues with OpenSSL talking to GnuTLS? Did
something change between OpenSSL 1.0.1c and 1.0.1e that would cause
this? Is there any other information that I could provide that would
be useful?

Thanks,
Greg
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]