Ubuntu 14.04, A TLS packet with unexpected length was received

singflux · October 21, 2020, 11:27pm

Hi All,

We are running Ubuntu 14.04 (sorry haven’t upgraded yet), and getting this error when installing packages through apt:

Failed to fetch https://repos.influxdata.com/ubuntu/dists/trusty/stable/binary-amd64/Packages

gnutls_handshake() failed: A TLS packet with unexpected length was received.

We used an online TLS checker to check https://repos.influxdata.com,

https://www.cdn77.com/tls-test

It mentions TLS 1.1 (deprecated) disabled. Was TLS 1.1 always disabled or was it recently disabled?

Any creative suggestions to resolve it?

We are exploring 1) using a proxy (nginx and ALB) that supports TLS 1.1, or 2) installing just the deb package itself using dpkg, or 3) recompiling gnutls with a a version of openssl that supports TLS 1.1.

This link gnutls26 package : Ubuntu mentions 2.12.23-12ubuntu2.10 2019-03-15 which seems to resolve it but not sure how to install that specific version of the package. We are currently on 2.12.23-12ubuntu2.8. How can we upgrade to 2.12.23-12ubuntu2.10? Is a particular deb package, or repo we need to add?

Much appreciate any suggestions.

Thanks,

dmwyatt · October 25, 2020, 5:45pm

Yep, getting this too.

Zinovii_Dmytriv · December 2, 2020, 11:33pm

singflux did you actually fix the issue? Getting this as well.

Anaisdg · December 3, 2020, 5:24pm

Hello @Zinovii_Dmytriv,
I’m passing your question along to someone who might be able to help. I appreciate your patience.

tim.hall · December 11, 2020, 2:21am

TLS 1.1 was deprecated and disabled because it was deemed compromised.

I would go with: installing just the deb package itself using dpkg on such an old OS.
Ubunty 14.04 EOLed April 2019.

J_Warner · December 22, 2020, 3:48pm

Hey I’m getting the same issue too did you guys manage to solve the issue

singflux · March 23, 2021, 12:02am

@tim.hall Have you tried to install the deb package? Installing the deb package for some reason did not work for us, and still got the error. Maybe we had the wrong package version. There was something deeper going on.

http://launchpadlibrarian.net/415233655/gnutls-bin_3.0.11+really2.12.23-12ubuntu2.10_amd64.deb

# gnutls-cli -V -p 443 repos.influxdata.com
Resolving 'repos.influxdata.com'...
Connecting to '13.224.42.90:443'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

@Zinovii_Dmytriv, dmwyatt, J_Warner

We managed to solve it with a workaround. Option 1) mentioned above, using a proxy (nginx and ALB) that supports TLS 1.1

We used nginx, the key is proxy_pass, example configuration:

server {
    listen 80;
    server_name ~^influx-repo-proxy.*\.mycompany\.com$;
    location /ubuntu {
        proxy_ssl_server_name on;
        proxy_pass https://repos.influxdata.com;
    }
}

In this file
/etc/apt/sources.list
Replaced this:
deb https://repos.influxdata.com/ubuntu trusty stable
With this:
deb http://influx-repo-proxy.mycompany.com/ubuntu trusty stable

Topic		Replies	Views
Inputs.http_listener_v2 TLS - Error: socket hang up or Bad cert Telegraf telegraf	0	405	August 9, 2021
How to skip tls verification when getting config file over https Telegraf	2	332	November 29, 2023
Docker telegraf inputs.http support tls 1.0 / 1.1? Telegraf	2	511	June 29, 2022
Tls error in inputs.http_response Telegraf telegraf	4	1569	February 25, 2018
Unable to run makefile telegraf	1	1004	May 10, 2019

Ubuntu 14.04, A TLS packet with unexpected length was received

Related Topics