aria2c 必须使用未知的 TLS 协议连接到另一端,为什么?

tag-icon tag-icon networking ssl aria2 gnutls
aria2c 必须使用未知的 TLS 协议连接到另一端,为什么?

当我跑步时

aria2c https://www.example.com

我明白了

02/24 15:33:38 [WARN] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised.

为什么是这样?请注意,这并不特定于www.example.com;它发生在许多(如果不是全部)主机上。

作为参考,这是(已编辑的)日志:

[INFO] [Context.cc:182] aria2 1.34.0
[INFO] [Context.cc:183] gcc 8.2.1 20181127
  built by  x86_64-pc-linux-gnu
  on        Feb  8 2019 09:32:06
[INFO] [Context.cc:185] zlib/1.2.11 libxml2/2.9.9 sqlite3/3.26.0 GnuTLS/3.6.6 nettle GMP/6.1.2 c-ares/1.15.0 libssh2/1.8.0
[INFO] [Context.cc:186] Logging started.
[DEBUG] [Context.cc:216] Not setting rlimit NO_FILE: 1024 >= 1024
[NOTICE] [Context.cc:311] Downloading 1 item(s)
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3902
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3952
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:990
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:990
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:990
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:990
[INFO] [LibgnutlsTLSContext.cc:158] 135 certificate(s) were imported.
[DEBUG] [RequestGroupMan.cc:591] 1 RequestGroup(s) added.
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:0, hup:0, err:0
[DEBUG] [FeedbackURISelector.cc:162] Selected from normCands
[DEBUG] [FeedbackURISelector.cc:84] FeedbackURISelector selected https://www.example.com
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:0, hup:0, err:0
[INFO] [AsyncNameResolverMan.cc:83] CUID#7 - Resolving hostname www.example.com
[DEBUG] [EpollEventPoll.cc:260] Failed to delete socket event:Bad file descriptor
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:0, hup:0, err:0
[INFO] [AbstractCommand.cc:817] CUID#7 - Name resolution complete: www.example.com -> 93.184.216.34
[INFO] [HttpInitiateConnectionCommand.cc:123] CUID#7 - Connecting to 93.184.216.34:443
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:0, hup:0, err:0
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:1, hup:0, err:0
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:0, write:1, hup:0, err:0
[DEBUG] [SocketCore.cc:926] Creating TLS session
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Allocating epoch #0
[DEBUG] [Platform.cc:86] GnuTLS: <2> added 6 protocols, 29 ciphersuites, 17 sig algos and 9 groups into priority list
[DEBUG] [SocketCore.cc:946] TLS Handshaking
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Allocating epoch #1
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: Adv. version: 3.3
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
[DEBUG] [Platform.cc:86] GnuTLS: <2> Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Maximum Record Size/1) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (OCSP Status Request/5) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension OCSP Status Request/5 (5 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Client Certificate Type/19) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Server Certificate Type/20) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Supported Groups/10) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group SECP256R1 (0x17)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group SECP384R1 (0x18)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group SECP521R1 (0x19)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group X25519 (0x1d)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group FFDHE2048 (0x100)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group FFDHE3072 (0x101)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group FFDHE4096 (0x102)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group FFDHE6144 (0x103)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sent group FFDHE8192 (0x104)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Supported Groups/10 (20 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Supported EC Point Formats/11 (2 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (SRP/12) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Signature Algorithms/13) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (4.1) RSA-SHA256
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.9) RSA-PSS-SHA256
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (4.3) ECDSA-SHA256
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.7) EdDSA-Ed25519
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (5.1) RSA-SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.10) RSA-PSS-SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (5.3) ECDSA-SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (6.1) RSA-SHA512
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.11) RSA-PSS-SHA512
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (6.3) ECDSA-SHA512
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sent signature algo (2.1) RSA-SHA1
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Signature Algorithms/13 (30 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (SRTP/14) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Heartbeat/15) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (ALPN/16) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Encrypt-then-MAC/22 (0 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Extended Master Secret/23) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Extended Master Secret/23 (0 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Session Ticket/35) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Session Ticket/35 (0 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Key Share/51) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sending key share for SECP256R1
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: sending key share for X25519
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Key Share/51 (107 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Supported Versions/43) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <2> Advertizing version 3.4
[DEBUG] [Platform.cc:86] GnuTLS: <2> Advertizing version 3.3
[DEBUG] [Platform.cc:86] GnuTLS: <2> Advertizing version 3.2
[DEBUG] [Platform.cc:86] GnuTLS: <2> Advertizing version 3.1
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Supported Versions/43 (9 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Post Handshake Auth/49) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Safe Renegotiation/65281 (1 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Server Name Indication/0) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <2> HSK[0x7fffd8c6c880]: sent server name: 'www.example.com'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Server Name Indication/0 (20 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Cookie/44) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Early Data/42) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Record Size Limit/28) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Sending extension Record Size Limit/28 (2 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (ClientHello Padding/21) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Preparing extension (Pre Shared Key/41) for 'client hello'
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: CLIENT HELLO was queued [354 bytes]
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Preparing Packet Handshake(22) with length: 354 and min pad: 0
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Sent Packet[1] Handshake(22) in epoch 0 and length: 359
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[_gnutls_io_read_buffered]:589
[DEBUG] [AbstractCommand.cc:184] CUID#7 - socket: read:1, write:0, hup:0, err:0
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 Handshake packet received. Epoch 0, length: 123
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet Handshake(22) with length: 123
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Decrypted Packet[0] Handshake(22) with length: 123
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: SERVER HELLO (2) was received. Length 119[119], frag offset 0, frag length: 119, sequence: 0
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1162
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: Server's version: 3.3
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Parsing extension 'Supported Versions/43' (2 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Negotiated version: 3.4
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: Selected cipher suite: GNUTLS_AES_256_GCM_SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Parsing extension 'Key Share/51' (69 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: Selected group SECP256R1 (2)
[DEBUG] [Platform.cc:86] GnuTLS: <2> EXT[0x7fffd8c6c880]: client generated SECP256R1 shared key
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
[DEBUG] [Platform.cc:86] GnuTLS: <4> REC[0x7fffd8c6c880]: Sent ChangeCipherSpec
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Initializing epoch #1
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Epoch #1 ready
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_256_GCM_SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 ChangeCipherSpec packet received. Epoch 1, length: 1
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet ChangeCipherSpec(20) with length: 1
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 Application Data packet received. Epoch 1, length: 27
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet Application Data(23) with length: 27
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Decrypted Packet[0] Handshake(22) with length: 10
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: ENCRYPTED EXTENSIONS (8) was received. Length 6[6], frag offset 0, frag length: 6, sequence: 0
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: parsing encrypted extensions
[DEBUG] [Platform.cc:86] GnuTLS: <4> EXT[0x7fffd8c6c880]: Parsing extension 'Server Name Indication/0' (0 bytes)
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 Application Data packet received. Epoch 1, length: 4502
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet Application Data(23) with length: 4502
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Decrypted Packet[1] Handshake(22) with length: 4485
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: CERTIFICATE (11) was received. Length 4481[4481], frag offset 0, frag length: 4481, sequence: 0
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1162
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1413
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: parsing certificate message
[DEBUG] [Platform.cc:86] GnuTLS: <4> Found OCSP response on cert 0
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 Application Data packet received. Epoch 1, length: 281
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet Application Data(23) with length: 281
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Decrypted Packet[2] Handshake(22) with length: 264
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: CERTIFICATE VERIFY (15) was received. Length 260[260], frag offset 0, frag length: 260, sequence: 0
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: Parsing certificate verify
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: verifying TLS 1.3 handshake data using RSA-PSS-RSAE-SHA256
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: buffers.c[get_last_packet]:1171
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: SSL 3.3 Application Data packet received. Epoch 1, length: 69
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Expected Packet Handshake(22)
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Received Packet Application Data(23) with length: 69
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Decrypted Packet[3] Handshake(22) with length: 52
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: FINISHED (20) was received. Length 48[48], frag offset 0, frag length: 48, sequence: 0
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: parsing finished
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: sending finished
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: FINISHED was queued [52 bytes]
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Preparing Packet Handshake(22) with length: 52 and min pad: 0
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Sent Packet[1] Handshake(22) in epoch 1 and length: 74
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: constate.c[_gnutls_epoch_get]:901
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Allocating epoch #2
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Initializing epoch #2
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Epoch #2 ready
[DEBUG] [Platform.cc:86] GnuTLS: <4> HSK[0x7fffd8c6c880]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_256_GCM_SHA384
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Start of epoch cleanup
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Epoch #0 freed
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: Epoch #1 freed
[DEBUG] [Platform.cc:86] GnuTLS: <5> REC[0x7fffd8c6c880]: End of epoch cleanup
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[find_signercert]:1996
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_der_encode]:876
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[find_signercert]:2091
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[gnutls_ocsp_resp_verify]:2352
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[find_signercert]:1996
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: common.c[_gnutls_x509_der_encode]:876
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[find_signercert]:2091
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: mpi.c[wrap_nettle_mpi_print]:60
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: mpi.c[wrap_nettle_mpi_print]:60
[DEBUG] [Platform.cc:86] GnuTLS: <3> ocsp signer: subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer `CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp.c[gnutls_ocsp_resp_get_single]:1649
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
[DEBUG] [Platform.cc:86] GnuTLS: <3> ASSERT: x509.c[get_alt_name]:1815
[WARN] [SocketCore.cc:979] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised.
Peer: www.example.com (93.184.216.34:443)

02/24 15:38:26 [WARN] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised.
...

答案1

您的日志表明aria2c正在使用 GnuTLS 库,它选择 TLS 1.3,因为 GnuTLS 库和服务器都支持它。

但根据这个补丁aria2c直到 2019 年 4 月 7 日才知道 TLS 1.3 的存在。由于您的问题日期为 2 月 24 日,因此您的日志片段显然早于该补丁。

因此,这只是 GnuTLS 库报告它正在使用 TLS 1.3,但aria2c不了解“TLS 1.3”是什么。

一旦您更新aria2c到包含该补丁的版本,aria2c您将了解 GnuTLS 在使用 TLS 1.3 报告连接时所说的内容,并且能够正确地向用户报告该情况,因此问题就会消失。

不幸的是,在撰写本文时,最新版本是 1.34.0,于 2018 年 5 月发布,因此它太旧,无法包含 TLS 1.3 补丁。在创建新的发布版本之前aria2c,获得支持 TLS 1.3 且没有那些烦人消息的版本的唯一方法aria2c从 GitHub 获取最新源代码并自己编译它,或者找人分发aria2c1.34.0 的修改版本,并反向移植此补丁。

aria2c1.35.0 版本于 2019 年 10 月 6 日发布,该版本最终包含 TLS 1.3 支持。

相关内容