AUR error net/http: TLS handshake timeout

HDArtworks · 2022-10-12 11:45:08

Hi.
I installed archlinux after a long time and installed yay.
I use this command to search google chrome:

yay -Ss google-chrome

And get this error:

 -> Error during AUR search: request failed: Get "https://aur.archlinux.org/rpc?arg=google-chrome&by=name-desc&type=search&v=5": net/http: TLS handshake timeout

 -> Showing repo packages only
archlinuxcn/chromedriver 106.0.5249.61-1 (5.3 MiB 12.5 MiB) 
    Standalone server that implements the W3C WebDriver standard (for google-chrome)

Same error for installing it:

  -> request failed: Get "https://aur.archlinux.org/rpc?arg%5B%5D=google-chrome&type=info&v=5": net/http: TLS handshake timeout

I thought maybe my ISP blocked AUR but I can open and download files in AUR with my firefox browser.

How can I fix this problem?

Thanks.

WorMzy · 2022-10-12 12:32:11

Mod note: Moving to AUR Issues.

HDArtworks · 2022-10-14 18:20:40

Still trying to fix the problem.

WorMzy · 2022-10-14 18:46:41

Please don't bump.

seth · 2022-10-14 21:23:43

Still trying to fix the problem.

How? Did you try

curl -v 'https://aur.archlinux.org/rpc?arg=google-chrome&by=name-desc&type=search&v=5' > /dev/null

Can you just clone the package and build it w/ makepkg?

Harryrrah · 2025-12-06 06:54:35

I'm facing the same issue. When I activate IPv6 (in parallel to IPv4), I'm getting also a timeout:

$ yay -S poster 
 -> 1 error occurred:
	* request failed: Get "https://aur.archlinux.org/rpc?arg%5B%5D=poster&type=info&v=5": net/http: TLS handshake timeout


 -> Failed to find AUR package for poster:1 error occurred:
	* request failed: Get "https://aur.archlinux.org/rpc?arg=poster&by=provides&type=search&v=5": net/http: TLS handshake timeout


 -> No AUR package found for poster
 there is nothing to do

$ curl -v 'https://aur.archlinux.org/rpc?arg%5B%5D=poster&type=info&v=5' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host aur.archlinux.org:443 was resolved.
* IPv6: 2604:cac0:a104:d::2
* IPv4: 209.126.35.78
*   Trying [2604:cac0:a104:d::2]:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1563 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:01:01 --:--:--     0* Recv failure: Connection reset by peer
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: Connection reset by peer in connection to aur.archlinux.org:443 
  0     0    0     0    0     0      0      0 --:--:--  0:01:01 --:--:--     0
* closing connection #0
curl: (35) Recv failure: Connection reset by peer

After a few retries, the connection works like a charm. But I'm not sure if the OS tries with IPv4 after a few fails. I'm also facing the behavior sometimes on other services like https://hub.docker.com/ or streaming services. What is the behavior here from the OS? Is there a automatic fallback/switch between IPv4 and IPv6 connections?

When I facing the issue, I also tried instantly downloads on ipv4, ipv6, dualstack on https://ip.zuim.de/ to find out if there is an issue with my provider (Deutsche Telekom). But I was not able to reproduce the behavior on the testpage.

Now I'm trying to pinpoint the issue. Any ideas what I can test additionally?

Last edited by Harryrrah (2025-12-06 06:55:15)

seth · 2025-12-06 09:17:35

Recv failure: Connection reset by peer

smells like you're cut, possibly because of https://archlinux.org/news/recent-services-outages/

Is there a automatic fallback/switch between IPv4 and IPv6 connections?

Try

curl -6 -v …

Harryrrah · 2025-12-06 16:25:54

I was able to reproduce the behavior. I reset my IPv6 address (ip addr delete ....) and get a new IPv6 address. I tried a curl -6 on other domain which works:

curl -6 -v 'https://google.de' > /dev/null 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host google.de:443 was resolved.
* IPv6: 2a00:1450:4016:80a::2003
* IPv4: (none)
*   Trying [2a00:1450:4016:80a::2003]:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1555 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [1210 bytes data]
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3817 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.google.de
*  start date: Oct 27 08:36:26 2025 GMT
*  expire date: Jan 19 08:36:25 2026 GMT
*  subjectAltName: host "google.de" matched cert's "google.de"
*  issuer: C=US; O=Google Trust Services; CN=WR2
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
* Established connection to google.de (2a00:1450:4016:80a::2003 port 443) from 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx port 41134 
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://google.de/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: google.de]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.16.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET / HTTP/2
> Host: google.de
> User-Agent: curl/8.16.0
> Accept: */*
> 
* Request completely sent off
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [283 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [283 bytes data]
< HTTP/2 301 
< location: https://www.google.de/
< content-type: text/html; charset=UTF-8
< content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-vmqThjd8_i-F19Nf7YQ3kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< date: Sat, 06 Dec 2025 16:19:41 GMT
< expires: Mon, 05 Jan 2026 16:19:41 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 219
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
< 
{ [5 bytes data]
100   219  100   219    0     0   1134      0 --:--:-- --:--:-- --:--:--  1134
* Connection #0 to host google.de:443 left intact

But a request with curl -6 on aur.archlinux.org fails:

$ curl -6 -v 'https://aur.archlinux.org/rpc?arg%5B%5D=poster&type=info&v=5' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host aur.archlinux.org:443 was resolved.
* IPv6: 2604:cac0:a104:d::2
* IPv4: (none)
*   Trying [2604:cac0:a104:d::2]:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1563 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:01:00 --:--:--     0* Recv failure: Connection reset by peer
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: Connection reset by peer in connection to aur.archlinux.org:443 
  0     0    0     0    0     0      0      0 --:--:--  0:01:00 --:--:--     0
* closing connection #0
curl: (35) Recv failure: Connection reset by peer

A second call a few seconds later worked:

$ curl -6 -v 'https://aur.archlinux.org/rpc?arg%5B%5D=poster&type=info&v=5' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host aur.archlinux.org:443 was resolved.
* IPv6: 2604:cac0:a104:d::2
* IPv4: (none)
*   Trying [2604:cac0:a104:d::2]:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1563 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [1210 bytes data]
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2047 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=aur.archlinux.org
*  start date: Nov 16 01:54:00 2025 GMT
*  expire date: Feb 14 01:53:59 2026 GMT
*  subjectAltName: host "aur.archlinux.org" matched cert's "aur.archlinux.org"
*  issuer: C=US; O=Let's Encrypt; CN=E8
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Established connection to aur.archlinux.org (2604:cac0:a104:d::2 port 443) from 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx port 45188 
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://aur.archlinux.org/rpc?arg%5B%5D=poster&type=info&v=5
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: aur.archlinux.org]
* [HTTP/2] [1] [:path: /rpc?arg%5B%5D=poster&type=info&v=5]
* [HTTP/2] [1] [user-agent: curl/8.16.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /rpc?arg%5B%5D=poster&type=info&v=5 HTTP/2
> Host: aur.archlinux.org
> User-Agent: curl/8.16.0
> Accept: */*
> 
* Request completely sent off
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
< HTTP/2 200 
< server: nginx
< date: Sat, 06 Dec 2025 16:13:12 GMT
< content-type: application/json
< content-length: 484
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< 
{ [484 bytes data]
100   484  100   484    0     0   2865      0 --:--:-- --:--:-- --:--:--  2880
* Connection #0 to host aur.archlinux.org:443 left intact

seth · 2025-12-06 16:29:25

A second call a few seconds later worked:

This is very most likely part of the DDOS mitigation

Harryrrah · 2025-12-06 18:37:24

seth wrote:

This is very most likely part of the DDOS mitigation

Is there anything I can do to avoid this? Does it make sense to get into contact with my ISP?
It is very annoying to wait ~30 seconds and need 2-5 retries until the connection works.

And what is a little bit strange, this is not a AUR/Arch phenomenon only. I have the same issue with other services like Docker Hub. I also can't remember to had this kind of issues with my old ISP and IPV6.

seth · 2025-12-06 20:10:32

Does docker hub also reset the connection?
Test the behavior w/ some live distro like grml.org to rule out a weird local bug.
You can then contact accountsupport.archlinux.org - it's not very likely that your ISP is at fault here (as much as it pains me to say that)

can't remember to had this kind of issues with my old ISP

Also likely before we were all blessed w/ AI and idiots who're running AI scrapers on the internet nonstop in the hope to one day come up w/ an actual business idea?

Harryrrah · 2025-12-07 09:05:18

seth wrote:

Does docker hub also reset the connection?
Test the behavior w/ some live distro like grml.org to rule out a weird local bug.
You can then contact accountsupport.archlinux.org - it's not very likely that your ISP is at fault here (as much as it pains me to say that)
can't remember to had this kind of issues with my old ISP
Also likely before we were all blessed w/ AI and idiots who're running AI scrapers on the internet nonstop in the hope to one day come up w/ an actual business idea?

I think it is more an issue on my ISP side. By poking around I have identified some pages where I have a similar issue. The problem is on all my devices in my home network (WLAN and LAN devices), so it should not be a local bug. When I use my mobile phone and switch from home network to mobile network, the connection works instantaneously. In the meantime, I also believe that I can rule out a problem with my local network and router, as I only have the problem with specific sites and it is more likely to be a routing issue.

Thank you very much for your support and patience. I think we can pause here for now. I have requested support from my ISP now and I can reply when I have some news.

Arch Linux

#1 2022-10-12 11:45:08

AUR error net/http: TLS handshake timeout

#2 2022-10-12 12:32:11

Re: AUR error net/http: TLS handshake timeout

#3 2022-10-14 18:20:40

Re: AUR error net/http: TLS handshake timeout

#4 2022-10-14 18:46:41

Re: AUR error net/http: TLS handshake timeout

#5 2022-10-14 21:23:43

Re: AUR error net/http: TLS handshake timeout

#6 2025-12-06 06:54:35

Re: AUR error net/http: TLS handshake timeout

#7 2025-12-06 09:17:35

Re: AUR error net/http: TLS handshake timeout

#8 2025-12-06 16:25:54

Re: AUR error net/http: TLS handshake timeout

#9 2025-12-06 16:29:25

Re: AUR error net/http: TLS handshake timeout

#10 2025-12-06 18:37:24

Re: AUR error net/http: TLS handshake timeout

#11 2025-12-06 20:10:32

Re: AUR error net/http: TLS handshake timeout

#12 2025-12-07 09:05:18

Re: AUR error net/http: TLS handshake timeout

Board footer