GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro

Nikos Mavrogiannopoulos nmav at
Mon Feb 7 17:12:30 CET 2011

On 02/03/2011 02:40 PM, Dan Winship wrote:
> On 02/03/2011 07:21 AM, Nikos Mavrogiannopoulos wrote:
>> Would having a special error code on this issue, such as 
>> GNUTLS_E_PREMATURE_TERMINATION make things better for
>> applications?
> Yes, although that should be part of the ABI break you were talking 
> about so it doesn't break people who expect to see 

The master branch (what will become 3.0.0), now distinguishes
the EOF error from other parsing errors.

> Another case that currently gets "unexpected packet length" is if
> you try to handshake with a peer that's not actually speaking TLS. It
> seems like it wouldn't be hard for gnutls to notice that and return 
> "GNUTLS_E_NOT_TLS" or something in that case. (It only needs to do
> it for the first packet received on the first handshake attempt.)
> This would let things like "gnutls-cli -p 80" (and
> equivalent higher-level actions) fail with a better error message.

Actually this uncovered an error message that was not returned. The
error should have been GNUTLS_E_UNEXPECTED_PACKET. gnutls cannot
possibly distinguish between TLS and non-TLS data. It expects TLS data
and if they are not given it will return the parsing error occurred.
It is up to you to make the deduction that this is actually


More information about the Gnutls-devel mailing list