GnuTLS "Error in the pull function" : cannot establish connection with VPN server

Tue Jan 19 03:06:25 PST 2016

On wto, 2016-01-19 at 09:07 +0100, Nikos Mavrogiannopoulos wrote:
> On Mon, Jan 18, 2016 at 1:11 PM, Pawel Stankowski
> <Pawel.Stankowski at fara.no> wrote:
> > > > e is the output I got (after upgrade to Ubuntu 15.10):
> > > > # openconnect --version
> > > > OpenConnect version v7.06
> > > > Using GnuTLS. Features present: PKCS#11, RSA software token,
> > > > HOTP
> > > > software token, TOTP software token, DTLS
> > > > past at past-ubuntu:~$
> > > > # openconnect -v <VPN IP>
> > > > POST https://<VPN IP>
> > > > Attempting to connect to server XX.XX.XX.XXX:443
> > > > SSL negotiation with <VPN IP>
> > > > SSL connection failure: Error in the pull function.
> > > 
> > > This is most likely a networking error. You can check the
> > > connection
> > > status with wireshark, and/or set GNUTLS_DEBUG_LEVEL=6 for more
> > > information.
> > Seems that there is some incompatibility between GnuTLS and this
> > VPN
> > server. I reproduced the same problem on Debian 8 "Jessie". The
> > same
> > server works fine with both AnyConnect and openconnect compiled
> > without
> > GnuTLS. I get known that the server I connect to is some Cisco ASA
> > Firewall.
> 
> Which version of gnutls is that? Could  you try running
> gnutls-cli-debug on that server?

GnuTLS debug client 3.3.15
Checking <...>:443
                             for SSL 3.0 (RFC6101) support... no
                        whether we need to disable TLS 1.2... yes
                        whether we need to disable TLS 1.1... yes
                        whether we need to disable TLS 1.0... no
                        whether %NO_EXTENSIONS is required... no
                               whether %COMPAT is required... no
                             for TLS 1.0 (RFC2246) support... yes
                             for TLS 1.1 (RFC4346) support... no
                                  fallback from TLS 1.1 to... failed
                             for TLS 1.2 (RFC5246) support... no
                                     for HTTPS server name... unknown
                               for certificate chain order... sorted
                  for safe renegotiation (RFC5746) support... yes
                           for heartbeat (RFC6520) support... no
                       for version rollback bug in RSA PMS... no
                  for version rollback bug in Client Hello... no
            whether the server ignores the RSA PMS version... yes
            whether small records (512 bytes) are accepted... yes
    whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted...
yes
         whether the server understands TLS closure alerts... partially
            whether the server supports session resumption... yes
                      for anonymous authentication support... no
                      for ephemeral Diffie-Hellman support... no
                   for ephemeral EC Diffie-Hellman support... no
                  for AES-128-GCM cipher (RFC5288) support... no
                  for AES-128-CBC cipher (RFC3268) support... yes
             for CAMELLIA-128-GCM cipher (RFC6367) support... no
             for CAMELLIA-128-CBC cipher (RFC5932) support... no
                     for 3DES-CBC cipher (RFC2246) support... yes
                  for ARCFOUR 128 cipher (RFC2246) support... yes
                                       for MD5 MAC support... no
                                      for SHA1 MAC support... yes
                                    for SHA256 MAC support... no
                              for ZLIB compression support... no
                     for max record size (RFC6066) support... no
                for OCSP status response (RFC6066) support... no
              for OpenPGP authentication (RFC6091) support... no

Regards,
Paweł Stankowski