TLS problems with ntbtls with some ECC curves (discovered with hkps://pgp.mailbox.org on Windows)
Closed, ResolvedPublic

Description

https://wald.intevation.org/forum/forum.php?thread_id=1668&forum_id=21&group_id=11
a user reports problems to access hkps://pgp.mailbox.org on windows 10.

The debugging shows:
DBG: ntbtls(2): got an alert message, type: [2:40]

Expected behaviour: The keyserver connection is made to search for the pubkey.

This looks either like a software defect or a documentation deficit how to analyse
the problem to get a connection.

Observation: gpg 2.1.11 with gnutls on Debian contacts the keyserver just fine.

Has been tested with Gpg4win 3.0(rc) 3.0.0 beta 299.

bernhard created this task.Sep 18 2017, 2:16 PM
bernhard assigned this task to werner.
werner triaged this task as Unbreak Now! priority.Sep 18 2017, 4:41 PM

You can't access that server even from Windows7 due to an uncommon ECC curve. I need to investigate but it is likely that ntbtls does not yet support it.

I added the missing curves to ntbtls and will soon do a new release. To please some folks here I also added the Brainpool curves ;-)

bernhard renamed this task from Diagnosing a TLS problem with ntbtls on Windows 10 to TLS problems with ntbtls with some ECC curves.Sep 19 2017, 8:38 AM
bernhard renamed this task from TLS problems with ntbtls with some ECC curves to TLS problems with ntbtls with some ECC curves (discovered with hkps://pgp.mailbox.org on Windows).
werner closed this task as Resolved.Sep 19 2017, 8:52 AM

ntbtls 0.1.2 has been released as well gnupg 2.2.1 with other fixes and the Windows installer using that new ntbtls.