GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro
Joe Orton
joe at manyfish.co.uk
Wed Feb 2 23:33:50 CET 2011
On Wed, Feb 02, 2011 at 08:09:38AM +0100, Nikos Mavrogiannopoulos wrote:
> On 02/01/2011 06:12 PM, Zachary Krebs wrote:
> > I sent this to the libcurl community and they asked me to ping gnutls
> > to see where the issue resides:
> >
> > Thanks for considering my support request, and I hope I do not
> > agitate/irritate anyone by posting in the wrong place.
> > I looked here first: http://curl.haxx.se/mail/lib-2010-06/0169.html
> > and did not find a resolution.
> > I am attempting to use the Website Payment Pro Paypal module with Drupal CMS.
> [...]
> > When I attempt to complete a payment, I get an error in my log:
> > "GnuTLS recv error (-9): A TLS packet with unexpected length was received"
>
> Several sites terminate the TLS connection without following the TLS
> protocol (i.e. sending closure alerts), but rather terminate the TCP
> connection directly. This is a relic of SSLv2 and it seems other
> implementations ignore this error. GnuTLS doesn't and thus prints
> this error. You could ignore it, but then you could not distinguish
> between a premature connection termination (i.e. by someone injecting
> a stray TCP termination packet) and normal termination.
The problem is that GnuTLS does not distinguish the TCP closure case
from this rather generic "unexpected length" error, as has been
discussed on this list before. The OpenSSL API does expose this
distinction.
It is not uncommon for SSL servers to perform unclean TCP closure in
some cases and HTTP clients can safely work around it if the connection
is in the right state.
Zachary, if you disable keepalive support in libcurl, does it work?
Regards, Joe
More information about the Gnutls-devel
mailing list