schannel: failed to decrypt data, need more data error in window11 with libcurl #14807
Comments
|
Do you see an error returned by curl or is it just the message that you think should not happen? |
|
Curl is returning this error during download. logs:
so this schannel error is keep printing until the download completes |
|
So the download completes successfully, but the stream of messages is - understandably - annoying. Did I get this right? |
|
its not about annoying.. or confirm that its causing due to windows compatibility with TLS and curl |
It is misleading and wrong. Reported-by: Annpurna Fixes #14807
Turn most infof() and DEBUGF() traces into CURL_TRC_CF() statements that do not appear on normal verbose output. refs curl#14807
It is not an error indication, e.g. nothing has gone wrong. The cause of this is that the Schannel library gets a chunk of data from your proxy that is not a complete TLS record. Therefore, it cannot decode it and needs the rest of the packet's data. When it arrives, it will complete the decryption and everything is fine. Under most network conditions, TLS packets arrive pretty much complete and it is rare that this happens. But your proxy seems to forward the data in chunks that make this more frequent. Why it does that, I do not know. |
|
okay, Thanks a lot for the clarification. |
|
We are discussing moving this message into a level of tracing or eliminating it. What it basically means is decryption failed because the received message is incomplete. Depending on network conditions you may see it very frequently in verbose. |
- Create a new macro SCH_DEV() to manage verbose debug messages that are only useful for debugging Schannel recv decryption. schannel_recv contains a lot of useful debug messages to help debug the function, however in practice they are not otherwise useful and showing them in debug builds adds a lot of noise. To show these messages curl must now be built with CURL_SCHANNEL_DEV_DEBUG defined. Prior to this change many, but not all, extra-verbose messages were wrapped in DEBUGF() so they were only shown in debug builds. Ref: curl#14807 Closes #xxxxx
- Create a new macro SCH_DEV() to manage verbose debug messages that are only useful for debugging Schannel recv decryption. schannel_recv contains a lot of useful debug messages to help debug the function, however in practice they are not otherwise useful and showing them in debug builds adds a lot of noise. To show these messages curl must now be built with CURL_SCHANNEL_DEV_DEBUG defined. Prior to this change many, but not all, extra-verbose messages were wrapped in DEBUGF() so they were only shown in debug builds. Ref: curl#14807 Closes #xxxxx
- Create a new macro SCH_DEV() to manage verbose debug messages that are only useful for debugging Schannel recv decryption. schannel_recv contains a lot of useful debug messages to help debug the function, however in practice they are not otherwise useful and showing them in debug builds adds a lot of noise. To show these messages curl must now be built with CURL_SCHANNEL_DEV_DEBUG defined. Prior to this change many, but not all, extra-verbose messages were wrapped in DEBUGF() so they were only shown in debug builds. Ref: curl#14807 Closes #xxxxx
I did this
when try to download a file using curl through proxy and below command:
curl -fvk --proxy 120.0.0.1:3501 -o Test.bin <URL_to_download> -v -k -l
download is successful but : "schannel: failed to decrypt data, need more data " error is coming
TLS handshake was successful
i tried running with --tls-max 1.2 flag and --ssl-no-revoke flag but still the issue is coming
its happening only when i tried to download the file from windows.
but how to confirm that this is issue with windows and TLS compatability.
I expected the following
expected to completed the download without errors
curl/libcurl version
curl/8.2.1
operating system
window11
The text was updated successfully, but these errors were encountered: