gpg4win 2.3.3 and mailvelope key server

Hello,

I want to configure gpg4win 2.3.3 to work with the new mailvelope key server → https://keys.mailvelope.com/
The key server supports HKPS but there is no option for HKPS in Kleopatra, only HKP. Additionally the key server supports a REST API over HTTPS but I do not know how to configure Kleopatra for this.

Thanks in advance!

Hi D B,

unfortunately, TLS for dirmngr is currently missing in Gpg4win,
see https://bugs.gnupg.org/gnupg/issue1804

Best Regards,
Bernhard

Is there any news about gpg4win and TLS 1.2?

I tried to access the mailbox.org PGP server (hkps://pgp.mailbox.org) with gpg4win (2.3.4 and 3.0.0 beta 299) and I always get an error. It works with GnuPG 1.4.0 on Ubuntu 16.04 and with OpenKeyChain on my Android smartphone.

I’m not 100% sure but it seems it is a problem with TLS1.2. I also tried to add the CA certificate in the gnupg.conf (or dirmngr.conf).

Thanks in advance,
Jan


gpg --debug-all --keyserver=hkps://pgp.mailbox.org --search support@mailbox.org
gpg: Hinweis: Keine voreingestellte Optionendatei ‘C:/Users/Jan/AppData/Roaming/gnupg/gpg.conf’ vorhanden
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_0x00000224 ← # Home: C:/Users/Jan/AppData/Roaming/gnupg
gpg: DBG: chan_0x00000224 ← # Config: [none]
gpg: DBG: chan_0x00000224 ← OK Dirmngr 2.2.0 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_0x00000224 → GETINFO version
gpg: DBG: chan_0x00000224 ← D 2.2.0
gpg: DBG: chan_0x00000224 ← OK
gpg: DBG: chan_0x00000224 → KEYSERVER --clear hkps://pgp.mailbox.org
gpg: DBG: chan_0x00000224 ← OK
gpg: DBG: chan_0x00000224 → KS_SEARCH -- support@mailbox.org
gpg: DBG: chan_0x00000224 ← ERR 285212905 Fatale “Alert” Nachricht erhalten
gpg: error searching keyserver: Fatale “Alert” Nachricht erhalten
gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Fatale “Alert” Nachricht erhalten
gpg: DBG: chan_0x00000224 → BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Dear Jan,

note that with GnuPG 2.2 dirmngr is the component to do the keyserver access.
On a GNU system with a modern gpg your command failed for me also, unless
I make the used root certificate known to dirmngr.

You could add the option ‘hkp-cacert /path/to/root.pem’
and ‘verbose’ and ‘gnutls-debug 1’ into your dirmngr.conf.
This worked for me in one setting on a Debian system.

Best Regards,
Bernhard

Dear Bernhard,

thanks for that hint. I already tried that and it actually works for me on Ubuntu 16.04 also!
But unfortunately with gpg4win it doesn’t.


dirmngr
dirmngr[13708]: NOTE: this is a development version!
dirmngr[13708]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[13708]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem’ ist bereits im Zwischenspeicher
dirmngr[13708]: dauerhaft geladene Zertifikate: 89
dirmngr[13708]: zwischengespeicherte Zertifikate: 0
dirmngr[13708]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)

Home: C:\Users\Jan\AppData\Roaming\gnupg

Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf

OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
OK
KS_SEARCH -- support@mailbox.org
dirmngr[13708]: resolve_dns_addr for ‘pgp.mailbox.org’: ‘pgp.mailbox.org’ [already known]
dirmngr[13708]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[13708]: DBG: ntbtls(1): read_record returned: Fatale “Alert” Nachricht erhalten
dirmngr[13708]: TLS handshake failed: Fatale “Alert” Nachricht erhalten
dirmngr[13708]: Fehler beim Verbinden mit ‘https://pgp.mailbox.org:443’: Fatale “Alert” Nachricht erhalten
dirmngr[13708]: command ‘KS_SEARCH’ failed: Fatale “Alert” Nachricht erhalten
ERR 285212905 Fatale “Alert” Nachricht erhalten

Do you have any clue what “ntbtls(1): is a fatal alert message (msg 40)” means and how to solve it? It seems the dirmngr.conf is read and the CA certificate is loaded.

Best regards,
Jan

Hi Jan,

please try to enable the debugging options in dirmngr.conf
to see more.

Best Regards,
Bernhard

Hi Bernhard,

even with “debug-all” there is not a lot more information:


dirmngr
dirmngr[7864]: NOTE: this is a development version!
dirmngr[7864]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[7864]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[7864]: DBG: number of certs loaded from store 'ROOT': 56
dirmngr[7864]: DBG: Zertifikat `CA’ ist bereits im Zwischenspeicher
dirmngr[7864]: DBG: number of certs loaded from store ‘CA’: 32
dirmngr[7864]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem’ ist bereits im Zwischenspeicher
dirmngr[7864]: dauerhaft geladene Zertifikate: 89
dirmngr[7864]: zwischengespeicherte Zertifikate: 0
dirmngr[7864]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)
dirmngr[7864]: DBG: chan_0x00000274 → # Home: C:\Users\Jan\AppData\Roaming\gnupg

Home: C:\Users\Jan\AppData\Roaming\gnupg

dirmngr[7864]: DBG: chan_0x00000274 → # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf

Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf

dirmngr[7864]: DBG: chan_0x00000274 → OK Dirmngr 2.2.1-beta9 at your service
OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 ← KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 → OK
OK
KS_SEARCH -- support@mailbox.org
dirmngr[7864]: DBG: chan_0x00000274 ← KS_SEARCH -- support@mailbox.org
dirmngr[7864]: DBG: dns: dnsserver[0] ‘134.34.3.2’
dirmngr[7864]: DBG: dns: dnsserver[1] ‘134.34.3.3’
dirmngr[7864]: DBG: dns: libdns initialized
dirmngr[7864]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) → 0 records
dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[7864]: resolve_dns_addr for ‘pgp.mailbox.org’: ‘pgp.mailbox.org’ [already known]
dirmngr[7864]: DBG: http.c:connect_server: trying name=‘pgp.mailbox.org’ port=443
dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[7864]: DBG: http.c:1819:socket_new: object 0x03173228 for fd 844 created
dirmngr[7864]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[7864]: DBG: ntbtls(1): read_record returned: Fatale “Alert” Nachricht erhalten
dirmngr[7864]: TLS handshake failed: Fatale “Alert” Nachricht erhalten
dirmngr[7864]: Fehler beim Verbinden mit ‘https://pgp.mailbox.org:443’: Fatale “Alert” Nachricht erhalten
dirmngr[7864]: command ‘KS_SEARCH’ failed: Fatale “Alert” Nachricht erhalten
dirmngr[7864]: DBG: chan_0x00000274 → ERR 285212905 Fatale “Alert” Nachricht erhalten
ERR 285212905 Fatale “Alert” Nachricht erhalten

Hope that helps.

Best,
Jan

Me again. I managed to increase the gnutls debug level:


dirmngr
dirmngr[1888]: NOTE: this is a development version!
dirmngr[1888]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[1888]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory
dirmngr[1888]: DBG: number of certs loaded from store 'ROOT': 56
dirmngr[1888]: DBG: Zertifikat `CA’ ist bereits im Zwischenspeicher
dirmngr[1888]: DBG: number of certs loaded from store ‘CA’: 32
dirmngr[1888]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem’ ist bereits im Zwischenspeicher
dirmngr[1888]: dauerhaft geladene Zertifikate: 89
dirmngr[1888]: zwischengespeicherte Zertifikate: 0
dirmngr[1888]: vertrauenswürdige Zertifikate: 89 (88,0,0,1)
dirmngr[1888]: DBG: chan_0x00000274 → # Home: C:\Users\Jan\AppData\Roaming\gnupg

Home: C:\Users\Jan\AppData\Roaming\gnupg

dirmngr[1888]: DBG: chan_0x00000274 → # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf

Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf

dirmngr[1888]: DBG: chan_0x00000274 → OK Dirmngr 2.2.1-beta9 at your service
OK Dirmngr 2.2.1-beta9 at your service
KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 ← KEYSERVER --clear hkps://pgp.mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 → OK
OK
KS_SEARCH -- support@mailbox.org
dirmngr[1888]: DBG: chan_0x00000274 ← KS_SEARCH -- support@mailbox.org
dirmngr[1888]: DBG: dns: dnsserver[0] ‘134.34.3.2’
dirmngr[1888]: DBG: dns: dnsserver[1] ‘134.34.3.3’
dirmngr[1888]: DBG: dns: libdns initialized
dirmngr[1888]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) → 0 records
dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[1888]: resolve_dns_addr for ‘pgp.mailbox.org’: ‘pgp.mailbox.org’ [already known]
dirmngr[1888]: DBG: http.c:connect_server: trying name=‘pgp.mailbox.org’ port=443
dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg
dirmngr[1888]: DBG: http.c:1819:socket_new: object 0x03018fb8 for fd 908 created
dirmngr[1888]: DBG: ntbtls(2): handshake
dirmngr[1888]: DBG: ntbtls(2): client state: 0 (hello_request)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): client state: 1 (client_hello)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): write client_hello
dirmngr[1888]: DBG: ntbtls(3): client_hello, max version: [3:3]
dirmngr[1888]: DBG: ntbtls(3): client_hello, current time: 1505733222
dirmngr[1888]: DBG: client_hello, random bytes: 59bfaa6669d0d44a6df21fd0d5355d668c95f70a2ecf2387c9bdfe4380c08cea
dirmngr[1888]: DBG: ntbtls(3): client_hello, session id len.: 0
dirmngr[1888]: DBG: client_hello, session id:
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49172 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 57 TLS-DHE-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49271 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 196 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 136 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 103 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49171 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 51 TLS-DHE-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49270 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 190 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 69 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49170 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 22 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 179 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49206 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 145 TLS-DHE-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49307 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49303 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49207 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 178 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49205 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 144 TLS-DHE-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49302 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49306 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49204 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 143 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 61 TLS-RSA-WITH-AES-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 53 TLS-RSA-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 192 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 132 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 60 TLS-RSA-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 47 TLS-RSA-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 65 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 10 TLS-RSA-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 183 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 149 TLS-RSA-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49305 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 182 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 148 TLS-RSA-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49304 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 147 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 175 TLS-PSK-WITH-AES-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 141 TLS-PSK-WITH-AES-256-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49301 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 174 TLS-PSK-WITH-AES-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 140 TLS-PSK-WITH-AES-128-CBC-SHA
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49300 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256
dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 139 TLS-PSK-WITH-3DES-EDE-CBC-SHA
dirmngr[1888]: DBG: ntbtls(3): client_hello, got 54 ciphersuites
dirmngr[1888]: DBG: ntbtls(3): client_hello, compress len.: 2
dirmngr[1888]: DBG: ntbtls(3): client_hello, compress alg.: 1 0
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding server name extension: ‘pgp.mailbox.org
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding signature_algorithms extension
dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension
dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_point_formats extension
dirmngr[1888]: DBG: ntbtls(3): client_hello, adding session ticket extension
dirmngr[1888]: DBG: ntbtls(3): client_hello, total extension length: 68
dirmngr[1888]: DBG: ntbtls(3): write record
dirmngr[1888]: DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 222
dirmngr[1888]: DBG: output record sent to network: 16030300de010000da030359bfaa6669d0d44a6df21fd0d5355d668c95f70a2e
dirmngr[1888]: DBG: cf2387c9bdfe4380c08cea00006c00ffc028006bc0140039c07700c40088c027
dirmngr[1888]: DBG: 0067c0130033c07600be0045c0120016c03800b3c0360091c09bc097c03700b2
dirmngr[1888]: DBG: c0350090c096c09ac034008f003d003500c00084003c002f00ba0041000a00b7
dirmngr[1888]: DBG: 0095c09900b60094c098009300af008dc09500ae008cc094008b020100004400
dirmngr[1888]: DBG: 000014001200000f7067702e6d61696c626f782e6f7267000d00160014060105
dirmngr[1888]: DBG: 0104010301020106030503040303030203000a000400020017000b0002010000
dirmngr[1888]: DBG: 230000
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(3): message length: 227, out_left: 227
dirmngr[1888]: DBG: ntbtls(3): es_write returned: success
dirmngr[1888]: DBG: ntbtls(2): client state: 2 (server_hello)
dirmngr[1888]: DBG: ntbtls(3): flush output
dirmngr[1888]: DBG: ntbtls(2): read server_hello
dirmngr[1888]: DBG: ntbtls(3): read record
dirmngr[1888]: DBG: ntbtls(3): fetch input
dirmngr[1888]: DBG: ntbtls(3): in_left: 0, nb_want: 5
dirmngr[1888]: DBG: ntbtls(3): es_read returned: success
dirmngr[1888]: DBG: ntbtls(3): input record: msgtype = 21, version = [3:3], msglen = 2
dirmngr[1888]: DBG: ntbtls(3): fetch input
dirmngr[1888]: DBG: ntbtls(3): in_left: 5, nb_want: 7
dirmngr[1888]: DBG: ntbtls(3): es_read returned: success
dirmngr[1888]: DBG: input record from network: 15030300020228
dirmngr[1888]: DBG: ntbtls(2): got an alert message, type: [2:40]
dirmngr[1888]: DBG: ntbtls(1): is a fatal alert message (msg 40)
dirmngr[1888]: DBG: ntbtls(1): read_record returned: Fatale “Alert” Nachricht erhalten
dirmngr[1888]: DBG: ntbtls(2): handshake ready
dirmngr[1888]: TLS handshake failed: Fatale “Alert” Nachricht erhalten
dirmngr[1888]: Fehler beim Verbinden mit ‘https://pgp.mailbox.org:443’: Fatale “Alert” Nachricht erhalten
dirmngr[1888]: DBG: ntbtls(2): release
dirmngr[1888]: command ‘KS_SEARCH’ failed: Fatale “Alert” Nachricht erhalten
dirmngr[1888]: DBG: chan_0x00000274 → ERR 285212905 Fatale “Alert” Nachricht erhalten
ERR 285212905 Fatale “Alert” Nachricht erhalten


Best,
Jan

P.S.: By the way, it is a Windows 10 Enterprise Version 10.0.15063 Build 15063 64bit machine.
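
The question about "fatal alert message (msg 40)" can be answered from the two records in the log above. The following is an added example, not part of the original thread and not GnuPG or ntbtls code: it decodes the logged alert record and the logged ClientHello record. The function names and the lookup tables (subsets of the RFC 5246 alert registry and of the IANA AEAD cipher suite ranges) are this example's own choices.

```python
import struct

# Records copied from the dirmngr log above: ClientHello sent, alert received.
CLIENT_HELLO_HEX = (
    "16030300de010000da030359bfaa6669d0d44a6df21fd0d5355d668c95f70a2e"
    "cf2387c9bdfe4380c08cea00006c00ffc028006bc0140039c07700c40088c027"
    "0067c0130033c07600be0045c0120016c03800b3c0360091c09bc097c03700b2"
    "c0350090c096c09ac034008f003d003500c00084003c002f00ba0041000a00b7"
    "0095c09900b60094c098009300af008dc09500ae008cc094008b020100004400"
    "000014001200000f7067702e6d61696c626f782e6f7267000d00160014060105"
    "0104010301020106030503040303030203000a000400020017000b0002010000"
    "230000")
ALERT_HEX = "15030300020228"

# Example-chosen subsets of the TLS alert registry and IANA AEAD suite ranges.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
                      70: "protocol_version", 71: "insufficient_security"}
AEAD_RANGES = [(0x009C, 0x00AD), (0xC02B, 0xC032), (0xC09C, 0xC0AF), (0xCCA8, 0xCCAE)]

def parse_alert(record_hex):
    """Decode a plaintext TLS alert record: 5-byte header, level, description."""
    raw = bytes.fromhex(record_hex)
    ctype, major, minor, length = struct.unpack("!BBBH", raw[:5])
    if ctype != 21 or length != 2 or len(raw) != 7:
        raise ValueError("not a plaintext TLS alert record")
    return {"version": (major, minor), "level": ALERT_LEVELS.get(raw[5], str(raw[5])),
            "description": ALERT_DESCRIPTIONS.get(raw[6], str(raw[6]))}

def parse_client_hello(record_hex):
    """Extract offered version, cipher suite ids, extension types and SNI."""
    raw = bytes.fromhex(record_hex)
    ctype, _, _, rec_len = struct.unpack("!BBBH", raw[:5])
    if ctype != 22 or rec_len != len(raw) - 5 or raw[5] != 1:
        raise ValueError("not a single-record ClientHello")
    pos = 9                                  # record header (5) + handshake header (4)
    version = (raw[pos], raw[pos + 1])
    pos += 2 + 32                            # client_version + random
    pos += 1 + raw[pos]                      # session_id
    (cs_len,) = struct.unpack_from("!H", raw, pos)
    suites = [struct.unpack_from("!H", raw, pos + 2 + i)[0] for i in range(0, cs_len, 2)]
    pos += 2 + cs_len
    pos += 1 + raw[pos]                      # compression_methods
    (ext_total,) = struct.unpack_from("!H", raw, pos)
    pos, end, exts, sni = pos + 2, pos + 2 + ext_total, [], None
    while pos < end:
        etype, elen = struct.unpack_from("!HH", raw, pos)
        if etype == 0:                       # server_name: list len, type, name len, name
            sni = raw[pos + 9: pos + 4 + elen].decode("ascii")
        exts.append(etype)
        pos += 4 + elen
    return {"max_version": version, "suites": suites, "extensions": exts, "sni": sni}

def aead_suites(suites):
    """Return the offered suite ids that fall into the AEAD ranges above."""
    return [s for s in suites if any(lo <= s <= hi for lo, hi in AEAD_RANGES)]

if __name__ == "__main__":
    hello = parse_client_hello(CLIENT_HELLO_HEX)
    print(parse_alert(ALERT_HEX), len(hello["suites"]), aead_suites(hello["suites"]))
```

Alert 40 is `handshake_failure`: per RFC 5246 the sender could not negotiate an acceptable set of security parameters from the options the client offered. The 54th suite that the log counts but does not name is 0x00FF, the renegotiation-info signalling value, and the thread itself does not say which parameter the server rejected.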

Hi,
thanks for the more verbose debug output,
this seems to be a problem with the used TLS library.

The message comes from the following code:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=ntbtls.git;a=blob;f=src/protocol.c;h=658cdbd02000c921519e03115df7a6ccc50c0889;hb=HEAD#l1707

As ntbtls is a TLS 1.2 library I guess it will be something else that is wrong.
I’ve created the following problem report: https://dev.gnupg.org/T3411

Best,
Bernhard

Thanks a lot. I’ll have a look at the problem report from time to time to check the progress and for a possible solution :)

Best,
Jan

Hi,

I saw that a fix is already committed. Thanks at this point for the great work!

As I’m unfamiliar with the gpg4win release cycle… Will this change make it into the 3.0.0 release or will there be maybe even a 2.3.4 update?

Best regards and thanks again for this fast response and help!
Jan

Hey Jan,

There won’t be a 2.3.4. But the Release 3.0.0 will hit in the next few days and the fix will be in there.

Best wishes,
Jochen