Ubuntu 14.04, A TLS packet with unexpected length was received

Hi All,

We are running Ubuntu 14.04 (sorry haven’t upgraded yet), and getting this error when installing packages through apt:

Failed to fetch https://repos.influxdata.com/ubuntu/dists/trusty/stable/binary-amd64/Packages

gnutls_handshake() failed: A TLS packet with unexpected length was received.

We used an online TLS checker to check https://repos.influxdata.com,

https://www.cdn77.com/tls-test

It mentions TLS 1.1 (deprecated) disabled. Was TLS 1.1 always disabled or was it recently disabled?

Any creative suggestions to resolve it?

We are exploring 1) using a proxy (nginx and ALB) that supports TLS 1.1, or 2) installing just the deb package itself using dpkg, or 3) recompiling gnutls with a a version of openssl that supports TLS 1.1.

This link https://launchpad.net/ubuntu/+source/gnutls26 mentions 2.12.23-12ubuntu2.10 2019-03-15 which seems to resolve it but not sure how to install that specific version of the package. We are currently on 2.12.23-12ubuntu2.8. How can we upgrade to 2.12.23-12ubuntu2.10? Is a particular deb package, or repo we need to add?

Much appreciate any suggestions.

Thanks,

Yep, getting this too.

singflux did you actually fix the issue? Getting this as well.

Hello @Zinovii_Dmytriv,
I’m passing your question along to someone who might be able to help. I appreciate your patience.

TLS 1.1 was deprecated and disabled because it was deemed compromised.

I would go with: installing just the deb package itself using dpkg on such an old OS.
Ubunty 14.04 EOLed April 2019.

Hey I’m getting the same issue too did you guys manage to solve the issue

@tim.hall Have you tried to install the deb package? Installing the deb package for some reason did not work for us, and still got the error. Maybe we had the wrong package version. There was something deeper going on.

http://launchpadlibrarian.net/415233655/gnutls-bin_3.0.11+really2.12.23-12ubuntu2.10_amd64.deb

# gnutls-cli -V -p 443 repos.influxdata.com
Resolving 'repos.influxdata.com'...
Connecting to '13.224.42.90:443'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GnuTLS error: A TLS packet with unexpected length was received.

@Zinovii_Dmytriv, dmwyatt, J_Warner

We managed to solve it with a workaround. Option 1) mentioned above, using a proxy (nginx and ALB) that supports TLS 1.1

We used nginx, the key is proxy_pass, example configuration:

server {
    listen 80;
    server_name ~^influx-repo-proxy.*\.mycompany\.com$;
    location /ubuntu {
        proxy_ssl_server_name on;
        proxy_pass https://repos.influxdata.com;
    }
}

In this file
/etc/apt/sources.list
Replaced this:
deb https://repos.influxdata.com/ubuntu trusty stable
With this:
deb http://influx-repo-proxy.mycompany.com/ubuntu trusty stable