1. Forum
  2. USENET
  3. rocksolid.nodes.help

  • Emacs Gnus: Your TLS configuration for NNTP? Getting unknown packet error.

    From not bora@atod101101@gmail.com to rocksolid.nodes.help on Wed May 14 00:39:40 2025
    From Newsgroup: rocksolid.nodes.help

    I have the following configuration and am having trouble connecting
    NNTPS TLS. Can anyone provide me some guidance on getting this
    configuration working?

    Trying these servers:
    news.eternal-september.org:563
    news.i2pn2.org:563

    I encounter a GNUTLS error that I receive a packet of a unknown type.
    I'm using Emacs 30.1 Gnus 5.13.

    I can connect using NNTP port 119. I can connect to port 563 using
    gnutls and openssl from the command line and issue commands to the
    server. Therefore I think this may be some issue inside gnus or Emacs.

    Can anyone provide me an example working configuration?

    From *Messages* with TLS debug on, same for both servers:
    Error: gnutls.c: [audit] Received record packet of unknown type 50
    gnutls.c: [1] (Emacs) fatal error: An unexpected TLS packet was
    received.

    Here is my config:
    .gnus.el:
    (setq auth-sources
    '((:source "~/.authinfo")))

    (setq gnus-select-method
    '(nntp "news.i2pn2.org"
    (nntp-open-connection-function nntp-open-ssl-stream)
    (nttp-port-number 563)
    (nntp-address "news.i2pn2.org")
    ))

    .authinfo:
    machine news.i2pn2.org login username password passwordxxx force yes

    [...]
    Error log from news.eternal-september.org same for news.i2pn2.org:

    gnutls.c: [1] (Emacs) connecting to host: news.eternal-september.org
    gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [2] (Emacs)
    allocating x509 credentials gnutls.c: [2] (Emacs) using default
    verification flags gnutls.c: [1] (Emacs) setting the trustfile: /etc/ssl/cert.pem gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1]
    (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority
    string: NORMAL:%DUMBFW gnutls.c: [1] (Emacs) setting the priority string gnutls.c: [2] added 6 protocols, 29 ciphersuites, 19 sig algos and 10
    groups into priority list

    gnutls.c: [2] Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)

    gnutls.c: [2] Keeping ciphersuite 13.03
    (GNUTLS_CHACHA20_POLY1305_SHA256)

    gnutls.c: [2] Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite c0.2c
    (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)

    gnutls.c: [2] Keeping ciphersuite cc.a9
    (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)

    gnutls.c: [2] Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)

    gnutls.c: [2] Keeping ciphersuite c0.0a
    (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite c0.2b
    (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)

    gnutls.c: [2] Keeping ciphersuite c0.09
    (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite c0.30
    (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)

    gnutls.c: [2] Keeping ciphersuite cc.a8
    (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)

    gnutls.c: [2] Keeping ciphersuite c0.14
    (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite c0.2f
    (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite c0.13
    (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)

    gnutls.c: [2] Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)

    gnutls.c: [2] Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)

    gnutls.c: [2] Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite 00.9f
    (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)

    gnutls.c: [2] Keeping ciphersuite cc.aa
    (GNUTLS_DHE_RSA_CHACHA20_POLY1305)

    gnutls.c: [2] Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)

    gnutls.c: [2] Keeping ciphersuite 00.39
    (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)

    gnutls.c: [2] Keeping ciphersuite 00.9e
    (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)

    gnutls.c: [2] Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)

    gnutls.c: [2] Keeping ciphersuite 00.33
    (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)

    gnutls.c: [2] Advertizing version 3.4

    gnutls.c: [2] Advertizing version 3.3

    gnutls.c: [2] Advertizing version 3.2

    gnutls.c: [2] Advertizing version 3.1

    gnutls.c: [2] HSK[0x7fd47d746600]: sent server name: 'news.eternal-september.org'

    gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable,
    try again. [80 times] gnutls.c: [audit] Received record packet of
    unknown type 50

    gnutls.c: [1] (Emacs) fatal error: An unexpected TLS packet was
    received. gnutls.el: (err=[-15] An unexpected TLS packet was received.)
    boot: (:priority NORMAL:%DUMBFW :hostname news.eternal-september.org
    :loglevel 2 :min-prime-bits nil :trustfiles (/etc/ssl/cert.pem)
    :crlfiles nil :keylist nil :verify-flags nil :verify-error nil :pass nil
    :flags nil :callbacks nil) >>> (gnutls-error nntpd -15) nntp (username@news.eternal-september.org) open error: rCy>>> (gnutls-error
    nntpd -15)rCO. Continue? (y or n) n CouldnrCOt open server on username@news.eternal-september.org Mark set [2 times]
    --- Synchronet 3.21a-Linux NewsLink 1.2