Kaspersky
Solved

HTTPS doesn't work in the WSL, Win10 [Closed]


Hello, everybody!
KIS Version: 19.0.0.1088 (d)
OS Version: Windows 10 Pro 1809 x64
The problem is the Windows Subsystem for Linux does't pass SSL connections through 443/tcp.
I was exported Kaspersky Root CA cert from my browser and installed it into my debian app, but it had no effect:

code:
user@HOST:~$ cd /tmp
user@HOST:/tmp$ openssl s_client -connect ya.ru:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1554679906
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
user@HOST:/tmp$


Any suggestions?
icon

Best answer by Igor Kurzin 8 April 2019, 07:11

View original

This topic has been closed for comments

15 replies

Userlevel 7
Badge +2
Hi, welcome to the new Kaspersky Community.
Have you tried reinstalling the "my debian app"
Quote:
I was exported Kaspersky Root CA cert from my browser.
Maybe you should contact Kaspersky Support.
https://my.kaspersky.com/
Userlevel 7
Badge +5
hi, this is a known issue, should be resolved with patch "f", which is expected to be rolled out in the beginning of June.
is this resolve? I too have the same issue this time while trying to connect git repo on Windows 10 WSL
resulted to following error below when executing git clone on https, using total security version 19.0.0.1088 (e)
code:
gnutls_handshake() failed: The TLS connection was non-properly terminated.


and disabling kaspersky and restarting my machine will resolve the issue
Userlevel 7
Badge +4
Welcome. Please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI
Hi,

was the patch released? I have the same issue.

Please reply with some useful information, no need to ask to contact tech support and send them issue details as they are already provided here.
Userlevel 7
Badge +11
Hi Pavel Maltsev
Welcome.
Patch(f) has been released. My understanding is the release is complete in all regions.
What patch is your software on?
Regards.
Hi @FLOOD ,

In support window I see this
code:
Version: 19.0.0.1088 (f)
OS: Microsoft Windows 10 x64 Build 17134
In network settings if I set "Don't check trusted connections", then Linux utils in WSL like curl work fine.
Userlevel 7
Badge +11
In network settings if I set "Don't check trusted connections", then Linux utils in WSL like curl work fine.
Hello Pavel,
bc, we don't know the exact scope (of your environment), it's very difficult to provide any guidance: as you know your circumstance, hardware, software, network, virtual env & anything/everything else (& if you haven't checked the compliace requirements)- see "a little light reading" library below), that may be worthwhile.

It's important to understand, we see thru your eyes, the more you tell us, the more likely there will be Community members who'll pitch in...

  • Exactly, what is being used, (app, browser, another device, ???) when
code:
"gnutls_handshake() failed: The TLS connection was non-properly terminated"

occurs?
  • Where do you see this error?
  • Has this error always occured or when did it start, at the time it started, did anything change in the 24 to 48 hours surrounding the error occuring?
  • Any other information you care to share, please?
Please let us know?
Thanks.
---
A little light reading:
  • https://help.kaspersky.com/KIS/2019/en-US/119653.htm
What's new - (inc.) Scanning of encrypted connections has been improved. You can now choose actions for sites that returned scan errors and add such sites to exclusions.
  • https://help.kaspersky.com/KIS/2019/en-US/68219.htm
Network settings
How to configure encrypted connections settings
  • https://help.kaspersky.com/KIS/2019/en-US/157530.htm
Limitations and warnings
  • https://help.kaspersky.com/KIS/2019/en-US/85549.htm
Hardware and software requirements
  • https://help.kaspersky.com/KIS/2019/en-US/43520.htm
Is this relevant:
Due to technical limitations of the implementation of scanning algorithms, scanning of encrypted connections does not support certain extensions of the TLS 1.0 protocol and later versions (particularly NPN and ALPN). Connections via these protocols may be limited. Browsers with SPDY protocol support use the HTTP over TLS protocol instead of SPDY even if the server to which the connection is established supports SPDY. This does not affect the level of connection security. If the server supports only the SPDY protocol and it is impossible to establish the connection via the HTTPS protocol, the application does not monitor the connection established.
Hi @FLOOD ,

Exactly, what is being used, (app, browser, another device, ???)


It is WSL as mentioned by topic starter. I have tried both Ubuntu 16 LTS and Ubuntu 18 LTS.
Any command line utils like curl, wget give same error.

Where do you see this error?


In command line, when I run bash and use curl, git or other network connected util

Has this error always occured or when did it start, at the time it started, did anything change in the 24 to 48 hours surrounding the error occuring?


Can't say about it, I was not using WSL for a long time (like ~6 months) and now I need it again
Userlevel 7
Badge +11
Hi PavelMaltsev,
The reason we ask for specific info is, sometimes, what another poster has posted, looks identical to what (we/you/me/others) are posting, however, there are in fact difference(s), that then changes the dynamic.

A statement, such as: "no need to ask to contact tech support and send them issue details as they are already provided here"

Makes me tremble, bc, (even tho) we understand frustration and a pressing need to help whomever is posting, we also know we are confined to blindness.

Generic info limits us, we can only "hope like hell", our psychic radar is finely turned,our crystal ball not in need on a thorough clean and our functional human brain in top gear.

If all 3 & the 👀🐕 are lined up , we do everything in our power to help, in fact, even when the dog's on holiday, the crystal ball smashed & the brain in less than optimal mode, we still do everything in our power to help.
-------------
  1. Are you using KIS free or licenced?
  2. When ANY errors related to the heading of this topic "HTTPS doesn't work in the WSL, Win10" are they logged by KIS, in KIS REPORTS?
  3. IF "YES", export them & upload the report, using the upload icon in your post.
  4. Download GSI https://support.kaspersky.com/common/diagnostics/3632#block7
  5. Enable KIS TRACES
  6. REBOOT.
  7. When your computer is restarted - at the same time - replicate the issue AND run the GSI with Windows logs,
  8. Turn OFF KIS TRACES.
  9. Upload the (GIS).zip & (KIS TRACES) .zip to cloud storage of your choice & post back the link.
  10. Detail how WSL has been activated - via pgm ctl or ?
  11. Re: Ubuntu - which edition is currently activated?
  12. One final question b4 I take the 👀🐕for a walk, have any (WSL) command line utils ever worked, in your exact environment, i.e. Win10, KIS installed & WSL?
Please let us know?
Thanks.
Hi @FLOOD ,

hi, this is a known issue, should be resolved with patch "f"


I still can't understand why if you say it is a known issue you ask questions like this

Exactly, what is being used, (app, browser, another device, ???)


So, what about the issue you are aware about? Was it fixed and released in patch "f" and now it is not reproducible on your side?
Userlevel 7
Badge +11
I still can't understand why if you say it is a known issue you ask questions like this
Was it fixed and released in patch "f" ?

Hello Pavel Maltsev,
I didn't say "known issue, should be resolved with patch (f)".
Maybe you need to address your questions to the person who did.
As I've already explained, we're willing to help, however, it's a two way street, you provide information/data, we provide as much help as we can.
There may well be folks in the Community who have a perfect answer for you, I guess they'll post to your post and let you know.
Thank you.
Userlevel 7
Badge +5
Hi, yes, the patch "f" was released. If you still experience issues, please submit a ticket to technical support and send me the INC number via private message. Thank you.
Hello, people!
Today, patch g was released, and the problem was resolved.
Many thanks.