Jump to content

HTTPS doesn't work in the WSL, Win10 [Closed]


Go to solution Solved by Igor Kurzin,

Recommended Posts

Posted
Hello, everybody! KIS Version: 19.0.0.1088 (d) OS Version: Windows 10 Pro 1809 x64 The problem is the Windows Subsystem for Linux does't pass SSL connections through 443/tcp. I was exported Kaspersky Root CA cert from my browser and installed it into my debian app, but it had no effect: user@HOST:~$ cd /tmp user@HOST:/tmp$ openssl s_client -connect ya.ru:443 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 176 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1554679906 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- user@HOST:/tmp$ Any suggestions?
Posted
Hi, welcome to the new Kaspersky Community. Have you tried reinstalling the "my debian app" Quote: I was exported Kaspersky Root CA cert from my browser. Maybe you should contact Kaspersky Support. https://my.kaspersky.com/
  • Solution
Igor Kurzin
Posted
hi, this is a known issue, should be resolved with patch "f", which is expected to be rolled out in the beginning of June.
  • 1 month later...
Posted
is this resolve? I too have the same issue this time while trying to connect git repo on Windows 10 WSL resulted to following error below when executing git clone on https, using total security version 19.0.0.1088 (e) gnutls_handshake() failed: The TLS connection was non-properly terminated. and disabling kaspersky and restarting my machine will resolve the issue
  • 1 month later...
Pavel Maltsev
Posted
Hi, was the patch released? I have the same issue. Please reply with some useful information, no need to ask to contact tech support and send them issue details as they are already provided here.
Flood and Flood's wife
Posted
Hi Pavel Maltsev Welcome. Patch(f) has been released. My understanding is the release is complete in all regions. What patch is your software on? Regards.
Pavel Maltsev
Posted
Hi FLOOD , In support window I see this Version: 19.0.0.1088 (f) OS: Microsoft Windows 10 x64 Build 17134
Pavel Maltsev
Posted
In network settings if I set "Don't check trusted connections", then Linux utils in WSL like curl work fine.
Flood and Flood's wife
Posted
In network settings if I set "Don't check trusted connections", then Linux utils in WSL like curl work fine.
Hello Pavel, bc, we don't know the exact scope (of your environment), it's very difficult to provide any guidance: as you know your circumstance, hardware, software, network, virtual env & anything/everything else (& if you haven't checked the compliace requirements)- see "a little light reading" library below), that may be worthwhile. It's important to understand, we see thru your eyes, the more you tell us, the more likely there will be Community members who'll pitch in...
  1. Exactly, what is being used, (app, browser, another device, ???) when
"gnutls_handshake() failed: The TLS connection was non-properly terminated" occurs?
  1. Where do you see this error?
  2. Has this error always occured or when did it start, at the time it started, did anything change in the 24 to 48 hours surrounding the error occuring?
  3. Any other information you care to share, please?
Please let us know? Thanks. --- A little light reading:
  1. https://help.kaspersky.com/KIS/2019/en-US/119653.htm
What's new - (inc.) Scanning of encrypted connections has been improved. You can now choose actions for sites that returned scan errors and add such sites to exclusions.
  1. https://help.kaspersky.com/KIS/2019/en-US/68219.htm
Network settings How to configure encrypted connections settings
  1. https://help.kaspersky.com/KIS/2019/en-US/157530.htm
Limitations and warnings
  1. https://help.kaspersky.com/KIS/2019/en-US/85549.htm
Hardware and software requirements
  1. https://help.kaspersky.com/KIS/2019/en-US/43520.htm
Is this relevant: Due to technical limitations of the implementation of scanning algorithms, scanning of encrypted connections does not support certain extensions of the TLS 1.0 protocol and later versions (particularly NPN and ALPN). Connections via these protocols may be limited. Browsers with SPDY protocol support use the HTTP over TLS protocol instead of SPDY even if the server to which the connection is established supports SPDY. This does not affect the level of connection security. If the server supports only the SPDY protocol and it is impossible to establish the connection via the HTTPS protocol, the application does not monitor the connection established.
Pavel Maltsev
Posted
Hi FLOOD ,
Exactly, what is being used, (app, browser, another device, ???)
It is WSL as mentioned by topic starter. I have tried both Ubuntu 16 LTS and Ubuntu 18 LTS. Any command line utils like curl, wget give same error.
Where do you see this error?
In command line, when I run bash and use curl, git or other network connected util
Has this error always occured or when did it start, at the time it started, did anything change in the 24 to 48 hours surrounding the error occuring?
Can't say about it, I was not using WSL for a long time (like ~6 months) and now I need it again
Flood and Flood's wife
Posted
Hi PavelMaltsev, The reason we ask for specific info is, sometimes, what another poster has posted, looks identical to what (we/you/me/others) are posting, however, there are in fact difference(s), that then changes the dynamic. A statement, such as: "no need to ask to contact tech support and send them issue details as they are already provided here" Makes me tremble, bc, (even tho) we understand frustration and a pressing need to help whomever is posting, we also know we are confined to blindness. Generic info limits us, we can only "hope like hell", our psychic radar is finely turned,our crystal ball not in need on a thorough clean and our functional human brain in top gear. If all 3 & the :eyes::dog2: are lined up , we do everything in our power to help, in fact, even when the dog's on holiday, the crystal ball smashed & the brain in less than optimal mode, we still do everything in our power to help. -------------
  1. Are you using KIS free or licenced?
  2. When ANY errors related to the heading of this topic "HTTPS doesn't work in the WSL, Win10" are they logged by KIS, in KIS REPORTS?
  3. IF "YES", export them & upload the report, using the upload icon in your post.
  4. Download GSI https://support.kaspersky.com/common/diagnostics/3632#block7
  5. Enable KIS TRACES
  6. REBOOT.
  7. When your computer is restarted - at the same time - replicate the issue AND run the GSI with Windows logs,
  8. Turn OFF KIS TRACES.
  9. Upload the (GIS).zip & (KIS TRACES) .zip to cloud storage of your choice & post back the link.
  10. Detail how WSL has been activated - via pgm ctl or ?
  11. Re: Ubuntu - which edition is currently activated?
  12. One final question b4 I take the ?:dog2:for a walk, have any (WSL) command line utils ever worked, in your exact environment, i.e. Win10, KIS installed & WSL?
Please let us know? Thanks.
Pavel Maltsev
Posted
Hi FLOOD ,
hi, this is a known issue, should be resolved with patch "f"
I still can't understand why if you say it is a known issue you ask questions like this
Exactly, what is being used, (app, browser, another device, ???)
So, what about the issue you are aware about? Was it fixed and released in patch "f" and now it is not reproducible on your side?
Flood and Flood's wife
Posted
I still can't understand why if you say it is a known issue you ask questions like this Was it fixed and released in patch "f" ?
Hello Pavel Maltsev, I didn't say "known issue, should be resolved with patch (f)". Maybe you need to address your questions to the person who did. As I've already explained, we're willing to help, however, it's a two way street, you provide information/data, we provide as much help as we can. There may well be folks in the Community who have a perfect answer for you, I guess they'll post to your post and let you know. Thank you.
Igor Kurzin
Posted
Hi, yes, the patch "f" was released. If you still experience issues, please submit a ticket to technical support and send me the INC number via private message. Thank you.
  • 4 weeks later...
Posted
Hello, people! Today, patch g was released, and the problem was resolved. Many thanks.
Guest
This topic is now closed to further replies.


×
×
  • Create New...