TLS1.2 Failure - Handshake not supported #392

Closed
pheerai opened this issue May 24, 2015 · 10 comments

Comments

@pheerai

pheerai commented May 24, 2015

When downloading a file via HTTPS, I get the error

05/24 13:28:41 [ERROR] CUID#6 - Download aborted. URI=https://ftp.f3l.de/aurbs/x86_64/aurbs.db
Exception: [AbstractCommand.cc:350] errorCode=1 URI=https://ftp.f3l.de/aurbs/x86_64/aurbs.db
  -> [SocketCore.cc:933] errorCode=1 SSL/TLS handshake failure: The signature algorithm is not supported.

The Host has a CACert-Certificate that is trusted globally by my PC.
My aria2c is built against libgnutls.so.30.
When connecting directly with gnutls, I get the following error (Shortened to relevant part):

[foor@bar:~]$ gnutls-cli ftp.f3l.de
[...]
- Certificate type: X.509
[...]
- Status: The certificate is trusted. 
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
[...]
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: SECP256R1
 - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA1
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

So, the handshake failure does not lie within the range of gnutls.

@tatsuhiro-t
Collaborator

We use SECURE128 priority settings for gnutls, and it seems that it disables RSA-SHA1 signature algorithm support. I think you can reproduce this with gnutls-cli with --priority SECURE128 parameter.

The following patch would fix this:

diff --git a/src/LibgnutlsTLSSession.cc b/src/LibgnutlsTLSSession.cc
index ab3daf2..81f3720 100644
--- a/src/LibgnutlsTLSSession.cc
+++ b/src/LibgnutlsTLSSession.cc
@@ -127,7 +127,7 @@ int GnuTLSSession::init(sock_t sockfd)
   // It seems err is not error message, but the argument string
   // which causes syntax error.
   const char* err;
-  std::string pri = "SECURE128";
+  std::string pri = "SECURE128:+SIGN-RSA-SHA1";
   switch(tlsContext_->getMinTLSVersion()) {
   case TLS_PROTO_TLS12:
     pri += ":-VERS-TLS1.1";
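
Review bot: the changed `pri` initializer re-enables SHA-1 signatures for every session, including the `TLS_PROTO_TLS12` case that follows, and nothing in the code records why the SECURE128 baseline is being relaxed. Add a comment next to `std::string pri = "SECURE128:+SIGN-RSA-SHA1";` naming the interoperability reason (servers that present RSA-SHA1 as the server signature), and consider appending `:+SIGN-RSA-SHA1` only when the user asks for it, so the stricter default stays available.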

@pheerai
Author

pheerai commented May 24, 2015

For the site I visit (ftp.f3l.de), the Signature Algorithm is, in fact, SHA512.

After digging around some more with your diff in mind, I stumbled upon this neat little Bug within GnuTLS on Debian/Wheezy:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737921
Means, this isn't related to aria2 Client-Side, but to gnuTLS Server-Side.

@pheerai pheerai closed this as completed May 24, 2015
@tatsuhiro-t
Collaborator

Thank you. From my attempt to connect to that site, I see signature algorithm RSA-SHA1. Even your first post proves it:

- Server Signature: RSA-SHA1

Anyway, latest gnutls includes SIGN-RSA-SHA512 support, so it might help here.
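
An added example, not part of the thread and not aria2 code: a shell check that reads a `gnutls-cli` session summary and reports whether the server signature uses SHA-1, the condition the comments above tie to the SECURE128 failure. The sample input is constructed from the output in the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: session summary lines taken from the first post.
SAMPLE='- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA1
- Cipher: AES-128-GCM
- Handshake was completed'

# Print the value of one "- Name: value" field from gnutls-cli output on stdin.
gnutls_field() {
  sed -n "s/^- $1: *//p" | head -n 1
}

# Exit 0 when the "Server Signature" field names a SHA-1 based algorithm.
uses_sha1_signature() {
  case "$(gnutls_field 'Server Signature')" in
    *-SHA1) return 0 ;;
    *)      return 1 ;;
  esac
}

# Classify a session summary read from stdin:
#   sha1:<alg>          server signature relies on SHA-1
#   ok:<alg>            server signature uses another hash
#   no-signature-field  the summary has no "Server Signature" line
diagnose() {
  out=$(cat)
  sig=$(printf '%s\n' "$out" | gnutls_field 'Server Signature')
  if [ -z "$sig" ]; then
    echo "no-signature-field"
  elif printf '%s\n' "$out" | uses_sha1_signature; then
    echo "sha1:$sig"
  else
    echo "ok:$sig"
  fi
}

# Live use (needs network):  gnutls-cli HOST </dev/null | diagnose
# Reproduction suggested in the thread:  gnutls-cli --priority SECURE128 HOST
printf '%s\n' "$SAMPLE" | diagnose
```

A `sha1:` result on a default-priority connection identifies a server that would hit the failure described in this issue when the client restricts itself to SECURE128.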

@sledges

sledges commented Aug 26, 2015

All servers with - Server Signature: RSA-SHA1 that I tried to download from with aria2-1.19.0 fail, curl works just fine.

Older aria2 versions never had this problem, so it looks like a security-driven regression, which are very hard to handle.

We can't ask the world to upgrade their gnuTLS; is there a compromise the aria2 team would make to make most https servers downloadable again?

@tatsuhiro-t
Copy link
Collaborator

We fixed this in master branch. Next release will have this fix.

@sledges

sledges commented Aug 26, 2015

Thank you ever so much, waiting patiently for the next release :) I use ArchLinux, so will get it really early :)

@antbryan
Contributor

antbryan commented Mar 7, 2016

Filed for Ubuntu downstream at https://bugs.launchpad.net/ubuntu/+source/aria2/+bug/1553778

@q3aql

q3aql commented Mar 7, 2016

@antbryan This is maybe a problem with certificates. You can try disabling it with the following command:

$ aria2c --check-certificate=false https://sourceforge.net/projects/xbian/files/release/XBian_2016.03.01_rpi.img.gz/download

Also, you can use my ca-certificates (ca-certificates.crt):

$ aria2c --ca-certificate=ca-certificates.crt https://sourceforge.net/projects/xbian/files/release/XBian_2016.03.01_rpi.img.gz/download

@agentcobra

Same problem for me, I'm under:

Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie

aria was installed from depot
aria2 version 1.18.8

@tobwen

tobwen commented Nov 25, 2016

Problem still exists in Debian Jessie. "check-certificate=false" is ignored as parameter and in config-file.
Even on websites with modern certificates and signature: aria2c https://www.hidrive.strato.com/
