Post Reply
renat2017
Posts: 3
Joined: Tue Feb 07, 2017 1:06 pm

Raspbian Wheezy gnutls ciphers outdated

Tue May 16, 2017 10:40 am

Hi!

We're using Raspbian wheezy and found that UZBL browser (and wget, and gnutls-cli) doesn't support ciphers used by CloudFlare, and we get SSL errors.

Code: Select all

~ $ gnutls-cli screenly.io
Resolving 'screenly.io'...
Connecting to '104.27.189.73:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
Did anybody encounter anything similar? What is the best resolution for this?

Thanks
mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Raspbian Wheezy gnutls ciphers outdated

Tue May 16, 2017 12:46 pm

renat2017 wrote:Hi!

We're using Raspbian wheezy and found that UZBL browser (and wget, and gnutls-cli) doesn't support ciphers used by CloudFlare, and we get SSL errors.

Code: Select all

~ $ gnutls-cli screenly.io
Resolving 'screenly.io'...
Connecting to '104.27.189.73:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
Did anybody encounter anything similar? What is the best resolution for this?

Thanks
Wheezy is pretty out of date now so will be using some very old packages. The best solution would probably be to update your system to use a newer Jessie based install. If you really want to stay with Wheezy then you might be able to manually compile an updated version of the library, but that may lead to other issues.
renat2017
Posts: 3
Joined: Tue Feb 07, 2017 1:06 pm

Re: Raspbian Wheezy gnutls ciphers outdated

Tue May 16, 2017 1:03 pm

Thanks for your response.

I was able to make it work using UZBL installed from Jessie, and it worked fine, but we need to distribute it to a large fleet of raspberry pis of different configurations so I was seeking for not so risky solution.

But thanks, anyhow.

Another solution I have in mind is to build an all-in-one uzbl executable with all dependencies are compiled in statically.
runboy93
Posts: 352
Joined: Tue Feb 28, 2017 1:17 pm
Location: Finland
Contact: Website

Re: Raspbian Wheezy gnutls ciphers outdated

Tue May 16, 2017 1:36 pm

Update to Jessie :)
renat2017
Posts: 3
Joined: Tue Feb 07, 2017 1:06 pm

Re: Raspbian Wheezy gnutls ciphers outdated

Mon May 22, 2017 2:55 pm

For me working solution was to recompile all necessary debs against libgnutls28-dev instead of libgnutls27.

Thanks for help!
mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Raspbian Wheezy gnutls ciphers outdated

Mon May 22, 2017 4:51 pm

You really ought to consider upgrading the fleet to Jessie as Wheezy is getting pretty old now so you're likely to have other issues going forward. It may not be an immediate upgrade but start planning for it before the next issue comes up.
Post Reply

Return to “Troubleshooting”