GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro

Nikos Mavrogiannopoulos nmav at
Thu Feb 3 11:03:10 CET 2011

On Wed, Feb 2, 2011 at 11:33 PM, Joe Orton <joe at> wrote:
>> Several sites terminate the TLS connection without following the TLS
>> protocol (i.e. sending closure alerts), but rather terminate the TCP
>> connection directly. This is a relic of SSLv2 and it seems other
>> implementations ignore this error. GnuTLS doesn't and thus prints
>> this error. You could ignore it, but then you could not distinguish
>> between a premature connection termination (i.e. by someone injecting
>> a stray TCP termination packet) and normal termination.
> The problem is that GnuTLS does not distinguish the TCP closure case
> from this rather generic "unexpected length" error, as has been
> discussed on this list before.  The OpenSSL API does expose this
> distinction.

How does openssl expose this distinction? Does it have a separate error for
unclean termination?


More information about the Gnutls-devel mailing list