GnuTLS: An unexpected TLS packet was received.和 ERR_SSL_PROTOCOL_ERROR

hkbase commented 1 year ago

本机环境：通过iptables配置为xray透明代理网关，且运行正常。（入站：dokodemo-door+tproxy，出站：trojan+tcp+tls+safari）但是在本机wget个别站点时，例如：wget https://go.dev/dl/go1.19.3.linux-armv6l.tar.gz ，会报错GnuTLS: An unexpected TLS packet was received. 通过运行curl https://www.google.com 命令结果，可见外网访问也是正常的。具体见下面：

root@linux# xray version
Xray 1.6.5 (Xray, Penetrates Everything.) Custom (go1.19.3 linux/arm)
A unified platform for anti-censorship.

root@linux# wget https://go.dev/dl/go1.19.3.linux-armv6l.tar.gz
--2022-12-06 10:52:13--  https://go.dev/dl/go1.19.3.linux-armv6l.tar.gz
Resolving go.dev (go.dev)... 216.239.34.21, 216.239.32.21, 216.239.38.21, ...
Connecting to go.dev (go.dev)|216.239.34.21|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://dl.google.com/go/go1.19.3.linux-armv6l.tar.gz [following]
--2022-12-06 10:52:14--  https://dl.google.com/go/go1.19.3.linux-armv6l.tar.gz
Resolving dl.google.com (dl.google.com)... 142.251.42.174
Connecting to dl.google.com (dl.google.com)|142.251.42.174|:443... connected.
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.

root@linux# curl https://www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/logos/doodles/2022/seasonal-holidays-2022-6753651837109831.3-law.gif" itemprop="image"><meta content="Seasonal Holidays 2022" property="twitter:title"><meta content="" property="twitter:description"><meta content="summary_large_image" property="twitter:card"><meta content="@GoogleDoodles" property="twitter:site"><meta content="https://www.google.com/logos/doodles/2022/seasonal-holidays-2022-6753651837109831.2-2xa.gif" property="twitter:image"><meta content="https://www.google.com/logos/doodles/2022/seasonal-holidays-2022-6753651837109831.2-2xa.gif" property="og:image"><meta content="1150" property="og:image:width"><meta content="460" property="og:image:height"><meta content="https://www.google.com/logos/doodles/2022/seasonal-holidays-2022-6753651837109831.2-2xa.gif" property="og:url"><meta content="video.other" property="og:type"><title>Google</title><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){window.google={kEI:'hq-OY-aiPPnh2roPtMG44AE',kEXPI:'0,1359409,6059,206,4804,2316,383,246,5,5367,1123753,1197745,380745,16115,28684,22430,1362,12319,17580,4998,13228,3847,10622,22741,5081,1593,1279,2742,149,1103,840,1983,4314,109,3405,606,2023,2297,14670,3227,2845,8,5598,19390,4085,4696,1851,6397,8927,432,3,1590,1,5444,149,11323,2652,4,1528,2304,7039,4887,17136,5708,7355,11445,2215,2980,1457,15351,1435,5821,2536,4094,4052,3,3541,1,11942,30218,2,14016,2373,342,3533,19491,5679,1021,2377,28744,4568,6259,23418,1252,5835,14968,4332,2204,5280,445,2,2,1,5177,1783,17666,2006,8155,7381,2,3,15964,874,9625,10008,7,1922,5784,3995,21779,9543,4832,26503,8881,11256,14,82,3890,751,11873,2271,735,3,683,109,830,118,284,281,899,880,1854,32,1965,1119,6,1746,2039,5124,81,246,454,5201,1742,813,1224,10,280,2350,78,1419,2,563,72,330,521,68,1001,1093,378,63,399,138,385,1033,42,291,2260,407,2,723,444,79,402,403,1006,22,3,784,3,76,242,1872,575,963,341,861,315,1,861,1378,891,56,1,856,75,2,27,161,41,923,538,581,1,837,478,49,16,3,456,57,39,593,2,461,251,1100,92,123,641,187,391,232,919,294,622,80,195,5,498,303,718,109,1,19,109,134,626,5,36,125,77,24,101,131,30,288,144,27,1,35,1,302,490,46,233,668,65,630,363,43,1,519,52,12,1520,544,517,402,2,8,2,14,39,445,93,702,89,560,327,169,2,7,2,1750,20,1,79,392,33,224,2286,5280606,1873,4058,12,4,146,82,62,8798886,3311,141,795,19735,1,1,346,1755,1004,41,343,199,4,1,10,7,4,2,2,4,2,3,1,3,2,2,2,2,4,2,2,2,1,2,3,53,20727002,3220020,512,19,15,4041597,1964,3094,13578,3406,5595,11,3834,2176,3500,585,1524970',kBL:'p9Xv'};google.sn='webhp';google.kHL='en';})();(function(){
var f=this||self;var h,k=[];function l(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||h}function m(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}
function n(a,b,c,d,g){var e="";c||-1!==b.search("&ei=")||(e="&ei="+l(d),-1===b.search("&lei=")&&(d=m(d))&&(e+="&lei="+d));d="";!c&&f._cshid&&-1===b.search("&cshid=")&&"slh"!==a&&(d="&cshid="+f._cshid);c=c||"/"+(g||"gen_204")+"?atyp=i&ct="+a+"&cad="+b+e+"&zx="+Date.now()+d;/^http:/i.test(c)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:c,glmm:1}),c="");return c};h=google.kEI;google.getEI=l;google.getLEI=m;google.ml=function(){return null};google.log=function(a,b,c,d,g){if(c=n(a,b,c,d,g)){a=new Image;var e=k.length;k[e]=a;a.onerror=a.onload=a.onabort=function(){delete k[e]};a.src=c}};google.logUrl=n;}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);</script><style>#gbar,#guser{font-size:13px;padding-top:1px !important;}#gbar{height:22px}#guser{padding-bottom:7px !important;text-align:right}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}@media all{.gb1{height:22px;margin-right:.5em;vertical-align:top}#gbar{float:left}}a.gb1,a.gb4{text-decoration:underline !important}a.gb1,a.gb4{color:#00c !important}.gbi .gb4{color:#dd8e27 !important}.gbf .gb4{color:#900 !important}
</style><style>body,td,a,p,.h{font-family:arial,sans-serif}body{margin:0;overflow-y:scroll}#gog{padding:3px 8px 0}td{line-height:.8em}.gac_m td{line-height:17px}form{margin-bottom:20px}.h{color:#1558d6}em{font-weight:bold;font-style:normal}.lst{height:25px;width:496px}.gsfi,.lst{font:18px arial,sans-serif}.gsfs{font:17px arial,sans-serif}.ds{display:inline-box;display:inline-block;margin:3px 0 4px;margin-left:4px}input{font-family:inherit}body{background:#fff;color:#000}a{color:#4b11a8;text-decoration:none}a:hover,a:active{text-decoration:underline}.fl a{color:#1558d6}a:visited{color:#4b11a8}.sblc{padding-top:5px}.sblc a{display:block;margin:2px 0;margin-left:13px;font-size:11px}.lsbb{background:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0 -261px repeat-x;border:none;color:#000;cursor:pointer;height:30px;margin:0;outline:0;font:15px arial,sans-serif;vertical-align:top}.lsb:active{background:#dadce0}.lst:focus{outline:none}</style><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){window.google.erd={jsr:1,bv:1698,de:true};
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);if(google.dl)return google.dl(a,e,d),null;if(0>v){window.console&&console.error(a,d);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=
a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();</script></head><body bgcolor="#fff"><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){var src='/images/nav_logo229.png';var iesg=false;document.body.onload = function(){window.n && window.n();if (document.images){new Image().src=src;}
if (!iesg){document.f&&document.f.q.focus();document.gbqf&&document.gbqf.q.focus();}
}
})();</script><div id="mngb"><div id=gbar><nobr><b class=gb1>Search</b> <a class=gb1 href="https://www.google.com/imghp?hl=en&tab=wi">Images</a> <a class=gb1 href="https://maps.google.com/maps?hl=en&tab=wl">Maps</a> <a class=gb1 href="https://play.google.com/?hl=en&tab=w8">Play</a> <a class=gb1 href="https://www.youtube.com/?tab=w1">YouTube</a> <a class=gb1 href="https://news.google.com/?tab=wn">News</a> <a class=gb1 href="https://mail.google.com/mail/?tab=wm">Gmail</a> <a class=gb1 href="https://drive.google.com/?tab=wo">Drive</a> <a class=gb1 style="text-decoration:none" href="https://www.google.com/intl/en/about/products?tab=wh"><u>More</u> &raquo;</a></nobr></div><div id=guser width=100%><nobr><span id=gbn class=gbi></span><span id=gbf class=gbf></span><span id=gbe></span><a href="http://www.google.com/history/optout?hl=en" class=gb4>Web History</a> | <a  href="/preferences?hl=en" class=gb4>Settings</a> | <a target=_top id=gb_70 href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZAAQ" class=gb4>Sign in</a></nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div></div><center><br clear="all" id="lgpd"><div id="lga"><img alt="Seasonal Holidays 2022" border="0" height="200" src="/logos/doodles/2022/seasonal-holidays-2022-6753651837109831.3-law.gif" title="Seasonal Holidays 2022" width="500" id="hplogo"><br></div><form action="/search" name="f"><table cellpadding="0" cellspacing="0"><tr valign="top"><td width="25%">&nbsp;</td><td align="center" nowrap=""><input name="ie" value="ISO-8859-1" type="hidden"><input value="en" name="hl" type="hidden"><input name="source" type="hidden" value="hp"><input name="biw" type="hidden"><input name="bih" type="hidden"><div class="ds" style="height:32px;margin:4px 0"><input class="lst" style="margin:0;padding:5px 8px 0 6px;vertical-align:top;color:#000" autocomplete="off" value="" title="Google Search" maxlength="2048" name="q" size="57"></div><br style="line-height:0"><span class="ds"><span class="lsbb"><input class="lsb" value="Google Search" name="btnG" type="submit"></span></span><span class="ds"><span class="lsbb"><input class="lsb" id="tsuid_1" value="I'm Feeling Lucky" name="btnI" type="submit"><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){var id='tsuid_1';document.getElementById(id).onclick = function(){if (this.form.q.value){this.checked = 1;if (this.form.iflsig)this.form.iflsig.disabled = false;}
else top.location='/doodles/';};})();</script><input value="AJiK0e8AAAAAY469l8y9eH3jKaiuBombxjsKFGlWCCnL" name="iflsig" type="hidden"></span></span></td><td class="fl sblc" align="left" nowrap="" width="25%"><a href="/advanced_search?hl=en&amp;authuser=0">Advanced search</a></td></tr></table><input id="gbv" name="gbv" type="hidden" value="1"><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){var a,b="1";if(document&&document.getElementById)if("undefined"!=typeof XMLHttpRequest)b="2";else if("undefined"!=typeof ActiveXObject){var c,d,e=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"];for(c=0;d=e[c++];)try{new ActiveXObject(d),b="2"}catch(h){}}a=b;if("2"==a&&-1==location.search.indexOf("&gbv=2")){var f=google.gbvu,g=document.getElementById("gbv");g&&(g.value=a);f&&window.setTimeout(function(){location.href=f},0)};}).call(this);</script></form><div id="gac_scont"></div><div style="font-size:83%;min-height:3.5em"><br></div><span id="footer"><div style="font-size:10pt"><div style="margin:19px auto;text-align:center" id="WqQANb"><a href="/intl/en/ads/">Advertising�Programs</a><a href="/services/">Business Solutions</a><a href="/intl/en/about.html">About Google</a></div></div><p style="font-size:8pt;color:#70757a">&copy; 2022 - <a href="/intl/en/policies/privacy/">Privacy</a> - <a href="/intl/en/policies/terms/">Terms</a></p></span></center><script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){window.google.cdo={height:757,width:1440};(function(){var a=window.innerWidth,b=window.innerHeight;if(!a||!b){var c=window.document,d="CSS1Compat"==c.compatMode?c.documentElement:c.body;a=d.clientWidth;b=d.clientHeight}a&&b&&(a!=google.cdo.width||b!=google.cdo.height)&&google.log("","","/client_204?&atyp=i&biw="+a+"&bih="+b+"&ei="+google.kEI);}).call(this);})();</script> <script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){google.xjs={ck:'xjs.hp.oxai9SxkIQY.L.X.O',cs:'ACT90oGuMRhVQfvMfiBCiN66-FAr1_41Tg',excm:[]};})();</script>  <script nonce="uCfF06kdDH7_DVUt2gp1LA">(function(){var u='/xjs/_/js/k\x3dxjs.hp.en_US.9b-uVUIpJU8.O/am\x3dAADoBABQAGAB/d\x3d1/ed\x3d1/rs\x3dACT90oEUnjF90qVRE6vmPlzRYSDqOAd4iQ/m\x3dsb_he,d';var amd=0;
var d=this||self,e=function(a){return a};var g;var l=function(a,b){this.g=b===h?a:""};l.prototype.toString=function(){return this.g+""};var h={};
function m(){var a=u;google.lx=function(){p(a);google.lx=function(){}};google.bx||google.lx()}
function p(a){google.timers&&google.timers.load&&google.tick&&google.tick("load","xjsls");var b=document;var c="SCRIPT";"application/xhtml+xml"===b.contentType&&(c=c.toLowerCase());c=b.createElement(c);if(void 0===g){b=null;var k=d.trustedTypes;if(k&&k.createPolicy){try{b=k.createPolicy("goog#html",{createHTML:e,createScript:e,createScriptURL:e})}catch(q){d.console&&d.console.error(q.message)}g=b}else g=b}a=(b=g)?b.createScriptURL(a):a;a=new l(a,h);c.src=a instanceof l&&a.constructor===l?a.g:"type_error:TrustedResourceUrl";var f,n;(f=(a=null==(n=(f=(c.ownerDocument&&c.ownerDocument.defaultView||window).document).querySelector)?void 0:n.call(f,"script[nonce]"))?a.nonce||a.getAttribute("nonce")||"":"")&&c.setAttribute("nonce",f);document.body.appendChild(c);google.psa=!0};google.xjsu=u;setTimeout(function(){0<amd?google.caft(function(){return m()},amd):m()},0);})();function _DumpException(e){throw e;}
function _F_installCss(c){}
(function(){google.jl={blt:'none',chnk:0,dw:false,dwu:true,emtn:0,end:0,ico:false,ikb:0,ine:false,injs:'none',injt:0,injth:0,injv2:false,lls:'default',pdt:0,rep:0,snet:true,strt:0,ubm:false,uwp:true};})();(function(){var pmc='{\x22d\x22:{},\x22sb_he\x22:{\x22agen\x22:true,\x22cgen\x22:true,\x22client\x22:\x22heirloom-hp\x22,\x22dh\x22:true,\x22ds\x22:\x22\x22,\x22fl\x22:true,\x22host\x22:\x22google.com\x22,\x22jsonp\x22:true,\x22msgs\x22:{\x22cibl\x22:\x22Clear Search\x22,\x22dym\x22:\x22Did you mean:\x22,\x22lcky\x22:\x22I\\u0026#39;m Feeling Lucky\x22,\x22lml\x22:\x22Learn more\x22,\x22psrc\x22:\x22This search was removed from your \\u003Ca href\x3d\\\x22/history\\\x22\\u003EWeb History\\u003C/a\\u003E\x22,\x22psrl\x22:\x22Remove\x22,\x22sbit\x22:\x22Search by image\x22,\x22srch\x22:\x22Google Search\x22},\x22ovr\x22:{},\x22pq\x22:\x22\x22,\x22rfs\x22:[],\x22sbas\x22:\x220 3px 8px 0 rgba(0,0,0,0.2),0 0 0 1px rgba(0,0,0,0.08)\x22,\x22stok\x22:\x22ybzsyMfNlpk80NvkwOoA7lJq0ZE\x22}}';google.pmc=JSON.parse(pmc);})();</script>        </body></html>

然后我又在局域网内的其它电脑上通过chrome浏览器访问这个地址https://go.dev/dl/go1.19.3.linux-armv6l.tar.gz 会报错ERR_SSL_PROTOCOL_ERROR ，多次刷新浏览器，依然还是同样的错误提示。此电脑可以正常访问谷歌、youtube等外网站点。

GreatMichaelLee commented 1 year ago

这问题频繁发生，不知道为啥这么难定位和解决

nmweizi commented 1 year ago

我这是windows chrome，同样是这个问题，提示ERR_SSL_PROTOCOL_ERROR，不能使用。 Xray 1.6.5，v2rayN

hkbase commented 1 year ago

使用最新的xray 1.6.6版本，问题依旧存在～～

GreatMichaelLee commented 1 year ago

使用最新的xray 1.6.6版本，问题依旧存在～～

一样，还是有，感觉没有任何改善。

hkbase commented 1 year ago

开篇提到的报错原因找到了，是因为我在本地透明网关和远程vps端加入了以下策略

      {
      "type": "field",
      "outboundTag": "block"，
      "domain": ["geosite:category-ads-all"]
      }

导致了访问google站点会报错，目前发现了2个站点dl.google.com和ssl.gstatic.com，后来通过在本地的透明网关和远程vps的xray配置规则后，问题排除，特此反馈一下，给有同样报错问题的朋友参考。本地透明网关修改后的xray规则如下：

        {
       "type": "field",
      "outboundTag": "proxy",
      "domain":["dl.google.com","ssl.gstatic.com","googleapis.com"]
        },
      {
      "type": "field",
      "outboundTag": "block"，
      "domain": ["geosite:category-ads-all"]
      }

远端vps修改后的xray规则如下：

       {
        "type": "field", 
        "outboundTag": "direct"，
       "domain": ["dl.google.com","ssl.gstatic.com","googleapis.com"]
       }，
      {
      "type": "field",
      "outboundTag": "block"，
      "domain": ["geosite:category-ads-all"]
      }

希望维护geosite:category-ads-all列表的人员看到，以后能够减少网站误杀。

chika0801 commented 1 year ago

vps配置不建议用geosite cn，用了就是这种莫名问题

XTLS / Xray-core

GnuTLS: An unexpected TLS packet was received.和 ERR_SSL_PROTOCOL_ERROR #1408