$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
なぜか buster って言われるけど、apt line は確かに sid のはず。
$ cat /etc/apt/sources.list.d/apt-spy.list
# sources.list generated by apt-spy v3.2.2
#
# Generated using:
#
# apt-spy \
# -s jp \
# -d unstable
#
deb http://ftp.jaist.ac.jp/debian/ unstable main contrib non-free
deb-src http://ftp.jaist.ac.jp/debian/ unstable main contrib non-free
#deb http://security.debian.org/ stable/updates main
なぜ?
$ gnutls-cli --version
gnutls-cli 3.6.7
...
$ openssl version
OpenSSL 1.1.1c 28 May 2019
$ wget --version
GNU Wget 1.20.1 built on linux-gnu.
-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie +psl +ssl/gnutls
Wgetrc:
/etc/wgetrc (system)
ロケール:
/usr/share/locale
コンパイル:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib
-I../../lib -Wdate-time -D_FORTIFY_SOURCE=2
-I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2
-fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=.
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall
リンク:
gcc -I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2
-fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=.
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-z,relro -Wl,-z,now
-lpcre2-8 -luuid -lidn2 -lnettle -lgnutls -lz -lpsl ftp-opie.o
gnutls.o http-ntlm.o ../lib/libgnu.a
Copyright (C) 2015 Free Software Foundation, Inc.
ライセンス GPLv3+: GNU GPL バージョン 3 あるいはそれ以降のバージョン
<http://www.gnu.org/licenses/gpl.html>.
このソフトウェアはフリーソフトウェアです。自由に変更、再配布ができます。
法律が許すかぎり、全くの無保証です。
Hrvoje Niksic <hniksic@xemacs.org> によって書かれました。
バグ報告や質問は<bug-wget@gnu.org>へ
wget は --no-check-certificate を付けても駄目という末期的状況
どうすりゃいいんだ?これ?
$ wget --no-check-certificate -S -O- --debug https://ieserver.net/
DEBUG output created by Wget 1.20.1 on linux-gnu.
Reading HSTS entries from /home/kou/.wget-hsts
URI encoding = `UTF-8'
--2019-06-23 20:46:33-- https://ieserver.net/
Certificates loaded: 129
ieserver.net (ieserver.net) をDNSに問いあわせています... 61.197.187.238
Caching ieserver.net => 61.197.187.238
ieserver.net (ieserver.net)|61.197.187.238|:443 に接続しています... 接続しました。
Created socket 3.
Releasing 0x000055d7ebef5de0 (new refcount 1).
GnuTLS: A TLS fatal alert has been received.
GnuTLS: received alert [40]: Handshake failed
Closed fd 3
SSL による接続が確立できません。
curl も駄目
$ curl -iv https://ieserver.net/
* Expire in 0 ms for 6 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 0 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 1 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 2 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 3 ms for 1 (transfer 0x564860377a30)
* Expire in 3 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 5 ms for 1 (transfer 0x564860377a30)
* Expire in 5 ms for 1 (transfer 0x564860377a30)
* Expire in 4 ms for 1 (transfer 0x564860377a30)
* Expire in 6 ms for 1 (transfer 0x564860377a30)
* Expire in 6 ms for 1 (transfer 0x564860377a30)
* Expire in 8 ms for 1 (transfer 0x564860377a30)
* Trying 61.197.187.238...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x564860377a30)
* Connected to ieserver.net (61.197.187.238) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
$ gnutls-cli --debug 5 ieserver.net
|<3>| ASSERT: ../../../lib/x509/common.c[_gnutls_x509_get_raw_field2]:1570
|<3>| ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_subject_unique_id]:3897
|<3>| ASSERT: ../../../lib/x509/x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947
|<3>| ASSERT: ../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
|<3>| ASSERT: ../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
|<3>| ASSERT: ../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
|<3>| ASSERT: ../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
|<5>| REC[0x56543db588e0]: Allocating epoch #0
|<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list
|<5>| REC[0x56543db588e0]: Allocating epoch #1
|<4>| HSK[0x56543db588e0]: Adv. version: 3.3
|<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
|<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
|<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
|<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
|<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
|<4>| EXT[0x56543db588e0]: Preparing extension (OCSP Status Request/5) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension OCSP Status Request/5 (5 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Client Certificate Type/19) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Server Certificate Type/20) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Supported Groups/10) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sent group SECP256R1 (0x17)
|<4>| EXT[0x56543db588e0]: Sent group SECP384R1 (0x18)
|<4>| EXT[0x56543db588e0]: Sent group SECP521R1 (0x19)
|<4>| EXT[0x56543db588e0]: Sent group X25519 (0x1d)
|<4>| EXT[0x56543db588e0]: Sent group FFDHE2048 (0x100)
|<4>| EXT[0x56543db588e0]: Sent group FFDHE3072 (0x101)
|<4>| EXT[0x56543db588e0]: Sent group FFDHE4096 (0x102)
|<4>| EXT[0x56543db588e0]: Sent group FFDHE6144 (0x103)
|<4>| EXT[0x56543db588e0]: Sent group FFDHE8192 (0x104)
|<4>| EXT[0x56543db588e0]: Sending extension Supported Groups/10 (20 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Supported EC Point Formats/11 (2 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (SRP/12) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Signature Algorithms/13) for 'client hello'
|<4>| EXT[0x56543db588e0]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x56543db588e0]: sent signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x56543db588e0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x56543db588e0]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x56543db588e0]: sent signature algo (8.7) EdDSA-Ed25519
|<4>| EXT[0x56543db588e0]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x56543db588e0]: sent signature algo (8.10) RSA-PSS-SHA384
|<4>| EXT[0x56543db588e0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
|<4>| EXT[0x56543db588e0]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x56543db588e0]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x56543db588e0]: sent signature algo (8.11) RSA-PSS-SHA512
|<4>| EXT[0x56543db588e0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
|<4>| EXT[0x56543db588e0]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x56543db588e0]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x56543db588e0]: sent signature algo (2.3) ECDSA-SHA1
|<4>| EXT[0x56543db588e0]: Sending extension Signature Algorithms/13 (32 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (SRTP/14) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Heartbeat/15) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (ALPN/16) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Encrypt-then-MAC/22 (0 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Extended Master Secret/23) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Extended Master Secret/23 (0 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Session Ticket/35) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Session Ticket/35 (0 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Key Share/51) for 'client hello'
|<4>| EXT[0x56543db588e0]: sending key share for SECP256R1
|<4>| EXT[0x56543db588e0]: sending key share for X25519
|<4>| EXT[0x56543db588e0]: Sending extension Key Share/51 (107 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Supported Versions/43) for 'client hello'
|<2>| Advertizing version 3.4
|<2>| Advertizing version 3.3
|<2>| Advertizing version 3.2
|<2>| Advertizing version 3.1
|<4>| EXT[0x56543db588e0]: Sending extension Supported Versions/43 (9 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Safe Renegotiation/65281 (1 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Server Name Indication/0) for 'client hello'
|<2>| HSK[0x56543db588e0]: sent server name: 'ieserver.net'
|<4>| EXT[0x56543db588e0]: Sending extension Server Name Indication/0 (17 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Cookie/44) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Early Data/42) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Record Size Limit/28) for 'client hello'
|<4>| EXT[0x56543db588e0]: Sending extension Record Size Limit/28 (2 bytes)
|<4>| EXT[0x56543db588e0]: Preparing extension (Maximum Record Size/1) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (ClientHello Padding/21) for 'client hello'
|<4>| EXT[0x56543db588e0]: Preparing extension (Pre Shared Key/41) for 'client hello'
|<4>| HSK[0x56543db588e0]: CLIENT HELLO was queued [353 bytes]
|<5>| REC[0x56543db588e0]: Preparing Packet Handshake(22) with length: 353 and min pad: 0
|<5>| REC[0x56543db588e0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 358
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1171
|<5>| REC[0x56543db588e0]: SSL 3.1 Alert packet received. Epoch 0, length: 2
|<5>| REC[0x56543db588e0]: Expected Packet Handshake(22)
|<5>| REC[0x56543db588e0]: Received Packet Alert(21) with length: 2
|<5>| REC[0x56543db588e0]: Decrypted Packet[0] Alert(21) with length: 2
|<5>| REC[0x56543db588e0]: Alert[2|40] - Handshake failed - was received
|<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:878
|<3>| ASSERT: ../../lib/record.c[record_add_to_buffers]:885
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1577
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1448
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_recv_handshake]:1506
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:2998
*** Fatal error: A TLS fatal alert has been received.
|<3>| ASSERT: ../../lib/alert.c[gnutls_alert_send_appropriate]:375
Processed 129 CA certificate(s).
Resolving 'ieserver.net:443'...
Connecting to '61.197.187.238:443'...
*** Received alert [40]: Handshake failed
$ openssl s_client -connect ieserver.net:443 -servername ieserver.net -debug
140088792982656:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1536:SSL alert number 40
CONNECTED(00000003)
write to 0x5569fab1b8b0 [0x5569fab2e170] (304 bytes => 304 (0x130))
0000 - 16 03 01 01 2b 01 00 01-27 03 03 d2 01 f8 cb 3f ....+...'......?
0010 - a9 a8 7c c7 b8 bf ce a0-11 8a fc a8 15 c8 24 19 ..|...........$.
0020 - 4d 83 a8 70 95 18 2b 53-8c e3 b3 20 89 83 0f ca M..p..+S... ....
0030 - 9d e7 07 78 93 7b 09 df-5c 8f d3 ba ea d8 25 e7 ...x.{..\.....%.
0040 - 9d 79 64 0a 5f 14 83 4b-1a 66 fb 16 00 3e 13 02 .yd._..K.f...>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27 .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 a0 ...=.<.5./......
0090 - 00 00 00 11 00 0f 00 00-0c 69 65 73 65 72 76 65 .........ieserve
00a0 - 72 2e 6e 65 74 00 0b 00-04 03 00 01 02 00 0a 00 r.net...........
00b0 - 0c 00 0a 00 1d 00 17 00-1e 00 19 00 18 00 23 00 ..............#.
00c0 - 00 00 16 00 00 00 17 00-00 00 0d 00 2a 00 28 04 ............*.(.
00d0 - 03 05 03 06 03 08 07 08-08 08 09 08 0a 08 0b 08 ................
00e0 - 04 08 05 08 06 04 01 05-01 06 01 03 03 03 01 03 ................
00f0 - 02 04 02 05 02 06 02 00-2b 00 05 04 03 04 03 03 ........+.......
0100 - 00 2d 00 02 01 01 00 33-00 26 00 24 00 1d 00 20 .-.....3.&.$...
0110 - a8 ed 34 84 82 d6 03 a1-69 7a bf 52 d2 03 a3 cd ..4.....iz.R....
0120 - a6 2f 74 cf e2 96 b1 e1-17 94 15 5c 22 91 c3 03 ./t........\"...
read from 0x5569fab1b8b0 [0x5569fab24e63] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 02 .....
read from 0x5569fab1b8b0 [0x5569fab24e68] (2 bytes => 2 (0x2))
0000 - 02 28 .(
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 304 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x5569fab1b8b0 [0x5569fab0a080] (8192 bytes => 0 (0x0))