New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL/TLS handshake failure: protocol error #1494
Comments
It’s likely network problem (GFW) when you try to download something on a worldwide website from mainland China. I frequently interact with resources CDN’d by Cloudflare and AWS and I see similar logs almost everyday, from all sorts of data transfer software. My advice: Either use an address you know is located in China, like the redirected CN address ( Maybe it’s indeed an issue with Aria 2. But in my experience, GFW doesn’t just block websites, it messes with network traffic here and there and causes all kinds of software glitches that are not exactly issues of software themselves. |
Update: aria2c built with gnutls has no problem with my tests. But arai2 built with openssl has problem doing handshaking on some sites with TLS 1.3. Anyone familiar with the code could dig it deeper. Same problem occurred on my macbook. aria2 built with openssl failed to do TLS handshake.
This is not a problem for aria2 built with gnutls. BTW, appletls has no support for TLS v1.3 yet, which is the reason I tried to build aria2 with openssl or gnutls. |
1. aria2/aria2#1636 Aria2 built with gnutls failed to use the gnutls provided ca certs. Switch to the system one during compiling with `--with-ca-bundle`. 2. aria2/aria2#1494 Aria2 built with opessl failed to handshake with some certs. During my test, it failed to handshake with my self-signed cert cause only one ecdh curve secp256r1 was provided. But aria2 built with gnutls provides other curves and handshake succeeds.
aria2's OpenSSL integration breaks down when interacting with TLS v1.3 enabled websites which manifests in errors like these: ``` 07/05 12:26:53 [NOTICE] Downloading 1 item(s) 07/05 12:26:54 [ERROR] CUID#7 - Download aborted. URI=https://catbox.moe Exception: [AbstractCommand.cc:351] errorCode=1 URI=https://catbox.moe -> [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: protocol error ``` There are multiple instances[1] of users reporting this to the aria2 issue tracker, and one of those issues[2] documents using GnuTLS in place of OpenSSL as a workaround for the TLS v1.3 woes. I've verified that it indeed fixes the problem, and hence making this change in Nixpkgs. 1: https://github.com/aria2/aria2/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+%22protocol+error%22 2: aria2/aria2#1494
aria2's OpenSSL integration breaks down when interacting with TLS v1.3 enabled websites which manifests in errors like these: ``` 07/05 12:26:53 [NOTICE] Downloading 1 item(s) 07/05 12:26:54 [ERROR] CUID#7 - Download aborted. URI=https://catbox.moe Exception: [AbstractCommand.cc:351] errorCode=1 URI=https://catbox.moe -> [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: protocol error ``` There are multiple instances[1] of users reporting this to the aria2 issue tracker, and one of those issues[2] documents using GnuTLS in place of OpenSSL as a workaround for the TLS v1.3 woes. I've verified that it indeed fixes the problem, and hence making this change in Nixpkgs. 1: https://github.com/aria2/aria2/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+%22protocol+error%22 2: aria2/aria2#1494
Example:
This is my own build:
The one ships with debian 10 works fine though:
The text was updated successfully, but these errors were encountered: