gnutls_handshake() failed: Error in the pull function
21,684
After some analysis I have come to the conclusion that the reason must be one of:
- That host has blocked my IP from opening connections on port 443.
- Some kind of firewall has blocked me from opening connections on port 443.
I solved it by using another server.
Related videos on Youtube
Author by
joscul
Updated on September 18, 2022Comments
-
joscul over 1 year
I have a problem with my Ubuntu (Ubuntu 16.04.5 LTS) server. It is very strange. When I try to use any tool for fetching a specific URL over ssl it fails. Examples:
CURL
curl -v https://www.netonnet.se/ * Trying 91.198.164.24... * Connected to www.netonnet.se (91.198.164.24) port 443 (#0) * found 148 certificates in /etc/ssl/certs/ca-certificates.crt * found 596 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * gnutls_handshake() failed: Error in the pull function. * Closing connection 0 curl: (35) gnutls_handshake() failed: Error in the pull function.
WGET
wget -v https://www.netonnet.se/ --2018-12-29 12:00:42-- https://www.netonnet.se/ Resolving www.netonnet.se (www.netonnet.se)... 91.198.164.24 Connecting to www.netonnet.se (www.netonnet.se)|91.198.164.24|:443... connected. Unable to establish SSL connection
Any other way I try to access this website also fails so it must be something deeper, these requests are successful on all other servers I tried it on. It affects all users on this sever. I don't use any proxys on this server. How do I debug this?
EDIT
This is what I get when I try openssl. There seems to be something wrong with fetching the certificate from the host.
# openssl s_client -servername www.netonnet.se -connect www.netonnet.se:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 317 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.3 Cipher : 0000 Session-ID: Session-ID-ctx: Resumption PSK: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1546109807 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 ---