I get a handshake failure when updating my repos on an Ubuntu 14.04-based distribution:
W: Failed to fetch https://riot.im/packages/debian/dists/trusty/main/binary-i386/Packages gnutls_handshake() failed: Handshake failed
It has been a few days already. I have tried deleting and re-adding the repos.
sudo apt-get update
The repos used to be fine, but I recall this issue starting to happen about 1 to 2 weeks ago.
For the desktop app:
We've made a configuration change (or rather, unmade a configuration change that we made a few days ago) that should fix this. Can you let me know how you get on?
EDIT - my mistake - we actually made that change before you filed this issue, so it probably won't help.
Thanks for the reply, @lampholder !
I just gave it another go and the handshake still fails.
Any chance the problem could be on my side? Has anyone else reported this?
Just to be extra clear: the handshake fails for both 32 and 64 bit architecture packages:
W: Failed to fetch https://riot.im/packages/debian/dists/trusty/main/binary-amd64/Packages gnutls_handshake() failed: Handshake failed
W: Failed to fetch https://riot.im/packages/debian/dists/trusty/main/binary-i386/Packages gnutls_handshake() failed: Handshake failed
E: Some index files failed to download. They have been ignored, or old ones used instead.
@stragu It happens on two of the machines I manage as well (which are the only ones where I've installed the Riot Debian repo).
Yeah, I can reproduce this - just set up a fresh 14.04 VM, followed the instructions and got the exact same result. I'll... poke the right people to look at this :)
root@temp:~# gnutls-cli -V -p 443 riot.im
Resolving 'riot.im'...
Connecting to '104.27.178.139:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
root@temp:~# openssl s_client -connect riot.im:443
CONNECTED(00000003)
140192494548640:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
root@temp:~# openssl s_client -tls1_2 -connect riot.im:443
CONNECTED(00000003)
139703448270496:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1522231321
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
The problem here is that 14.04 is too old to support SNI: see https://github.com/nodesource/distributions/issues/353 - we'll look at getting this on non-SNI
I've just set this up so SNI is no longer required, so this should work now.
I can confirm that it works as expected now! Thank you for your help! :)