Verified on zesty, old version 3.5.6-4ubuntu4.2 failed handshake, 3.5.6-4ubuntu4.3 succeeded:
Script started on Thu 07 Sep 2017 00:45:28 CEST
+ apt-get -q update
[...]
+ apt-get -q -y install gnutls-bin ca-certificates
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
libffi6 libgmp10 libgnutls30 libhogweed4 libidn11 libnettle6 libopts25 libp11-kit0 libssl1.0.0 libtasn1-6 openssl
The following NEW packages will be installed:
ca-certificates gnutls-bin libffi6 libgmp10 libgnutls30 libhogweed4 libidn11 libnettle6 libopts25 libp11-kit0 libssl1.0.0 libtasn1-6 openssl
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 3326 kB of archives.
After this operation, 9762 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu zesty/main amd64 libffi6 amd64 3.2.1-6 [17.7 kB]
Get:2 http://archive.ubuntu.com/ubuntu zesty/main amd64 libgmp10 amd64 2:6.1.2+dfsg-1 [240 kB]
Get:3 http://archive.ubuntu.com/ubuntu zesty/main amd64 libnettle6 amd64 3.3-1 [92.4 kB]
Get:4 http://archive.ubuntu.com/ubuntu zesty/main amd64 libhogweed4 amd64 3.3-1 [135 kB]
Get:5 http://archive.ubuntu.com/ubuntu zesty/main amd64 libidn11 amd64 1.33-1 [45.0 kB]
Get:6 http://archive.ubuntu.com/ubuntu zesty/main amd64 libp11-kit0 amd64 0.23.3-5 [107 kB]
Get:7 http://archive.ubuntu.com/ubuntu zesty-updates/main amd64 libtasn1-6 amd64 4.10-1ubuntu0.1 [35.5 kB]
Get:8 http://archive.ubuntu.com/ubuntu zesty-updates/main amd64 libgnutls30 amd64 3.5.6-4ubuntu4.2 [627 kB]
Get:9 http://archive.ubuntu.com/ubuntu zesty-updates/main amd64 libssl1.0.0 amd64 1.0.2g-1ubuntu11.2 [1081 kB]
Get:10 http://archive.ubuntu.com/ubuntu zesty-updates/main amd64 openssl amd64 1.0.2g-1ubuntu11.2 [491 kB]
Get:11 http://archive.ubuntu.com/ubuntu zesty/main amd64 ca-certificates all 20161130 [193 kB]
Get:12 http://archive.ubuntu.com/ubuntu zesty/main amd64 libopts25 amd64 1:5.18.12-3 [57.0 kB]
Get:13 http://archive.ubuntu.com/ubuntu zesty-updates/universe amd64 gnutls-bin amd64 3.5.6-4ubuntu4.2 [204 kB]
Fetched 3326 kB in 2s (1539 kB/s)
[...]
+ gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net
Processed 173 CA certificate(s).
Resolving 'tvemsnbc-vh.akamaihd.net:443'...
Connecting to '95.101.77.25:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US', issuer `CN=Symantec Class 3 ECC 256 bit SSL CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US', serial 0x0f683f2dfac9edf014148ca649db4bad, EC/ECDSA key 256 bits, signed using ECDSA-SHA256, activated `2017-03-07 00:00:00 UTC', expires `2018-05-06 23:59:59 UTC', SHA-1 fingerprint `557c90a8d8953f3a2c2b59290a5ce12eafa60adf'
Public Key ID:
8c08394d28e104af81d099d4d236eef424710a29
Public key's random art:
+--[SECP256R1]----+
|==.B. |
|E.O+* . |
|o+==.= |
| o o=..o |
|. o.+. S |
| . . |
| |
| |
| |
+-----------------+
- Certificate[1] info:
- subject `CN=Symantec Class 3 ECC 256 bit SSL CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US', issuer `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', serial 0x3f9287be9d1da4a37a9df6282e775ac4, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2015-05-12 00:00:00 UTC', expires `2025-05-11 23:59:59 UTC', SHA-1 fingerprint `fe3c41901f3659c6eddc0c1c2d85d0b20e649614'
- Status: The certificate is NOT trusted. The received OCSP status response is invalid.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.
+ echo 'deb http://archive.ubuntu.com/ubuntu/ zesty-proposed main'
+ apt-get -q update
[...]
+ apt-get -q -y install libgnutls30/zesty-proposed
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
libgnutls30
1 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 627 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libgnutls30 amd64 3.5.6-4ubuntu4.3 [627 kB]
Fetched 627 kB in 0s (1171 kB/s)
[...]
+ gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net
Processed 173 CA certificate(s).
Resolving 'tvemsnbc-vh.akamaihd.net:443'...
Connecting to '95.101.77.34:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US', issuer `CN=Symantec Class 3 ECC 256 bit SSL CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US', serial 0x0f683f2dfac9edf014148ca649db4bad, EC/ECDSA key 256 bits, signed using ECDSA-SHA256, activated `2017-03-07 00:00:00 UTC', expires `2018-05-06 23:59:59 UTC', SHA-1 fingerprint `557c90a8d8953f3a2c2b59290a5ce12eafa60adf'
Public Key ID:
8c08394d28e104af81d099d4d236eef424710a29
Public key's random art:
+--[SECP256R1]----+
|==.B. |
|E.O+* . |
|o+==.= |
| o o=..o |
|. o.+. S |
| . . |
| |
| |
| |
+-----------------+
- Certificate[1] info:
- subject `CN=Symantec Class 3 ECC 256 bit SSL CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US', issuer `CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US', serial 0x3f9287be9d1da4a37a9df6282e775ac4, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2015-05-12 00:00:00 UTC', expires `2025-05-11 23:59:59 UTC', SHA-1 fingerprint `fe3c41901f3659c6eddc0c1c2d85d0b20e649614'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(AES-256-GCM)
- Session ID: 2C:8E:64:DB:85:A0:AC:38:E7:B7:F0:98:0B:3B:1D:73:F2:C4:6D:95:E6:A9:1E:9D:99:4D:53:2A:45:6F:A6:7F
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-ECDSA
- Server Signature: ECDSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: OCSP status request,
- Handshake was completed
- Simple Client Mode:
^C
Script done on Thu 07 Sep 2017 00:46:05 CEST