From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: wilde@sha-bang.de
Newsgroups: gmane.emacs.bugs
Subject: bug#48103: 28.0.50;
 tls connection failing on invoking package-list-packages (and other
 operations)
Date: Tue, 04 May 2021 15:14:37 +0200
Message-ID: <874kfiljya.fsf@tammy.lan.sha-bang.de>
References: <87mtth87yw.fsf@tammy.lan.sha-bang.de> <87eeepk233.fsf@gnus.org>
 <87o8ds9lcf.fsf@tammy.lan.sha-bang.de> <87pmy6an42.fsf@gnus.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="37030"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (berkeley-unix)
Cc: 48103@debbugs.gnu.org
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue May 04 15:15:10 2021
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ldutJ-0009Xx-Tl
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 04 May 2021 15:15:09 +0200
Original-Received: from localhost ([::1]:59486 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ldutI-00037m-UN
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 04 May 2021 09:15:08 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:39914)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ldutC-00037V-DT
 for bug-gnu-emacs@gnu.org; Tue, 04 May 2021 09:15:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:41606)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ldutC-0000Wa-6k
 for bug-gnu-emacs@gnu.org; Tue, 04 May 2021 09:15:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ldutC-0007dt-2r
 for bug-gnu-emacs@gnu.org; Tue, 04 May 2021 09:15:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: wilde@sha-bang.de
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 04 May 2021 13:15:02 +0000
Resent-Message-ID: <handler.48103.B48103.162013408429357@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 48103
X-GNU-PR-Package: emacs
Original-Received: via spool by 48103-submit@debbugs.gnu.org id=B48103.162013408429357
 (code B ref 48103); Tue, 04 May 2021 13:15:02 +0000
Original-Received: (at 48103) by debbugs.gnu.org; 4 May 2021 13:14:44 +0000
Original-Received: from localhost ([127.0.0.1]:53151 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1ldusu-0007dR-Cc
 for submit@debbugs.gnu.org; Tue, 04 May 2021 09:14:44 -0400
Original-Received: from mail2.sha-bang.de ([78.47.120.114]:60566 helo=mail.sha-bang.de)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <wilde@sha-bang.de>) id 1ldusr-0007dL-Oy
 for 48103@debbugs.gnu.org; Tue, 04 May 2021 09:14:42 -0400
Original-Received: from tammy.sha-bang.de (tammy.sha-bang.de
 [IPv6:2001:470:69d1:bad:227:eff:fe11:1a71])
 by mail.sha-bang.de (Postfix) with ESMTPSA id 76A9D26C;
 Tue,  4 May 2021 15:14:39 +0200 (CEST)
Original-Received: by tammy.sha-bang.de (Postfix, from userid 1000)
 id D844F5A79; Tue,  4 May 2021 15:14:37 +0200 (CEST)
In-Reply-To: <87pmy6an42.fsf@gnus.org> (Lars Ingebrigtsen's message of "Tue,
 04 May 2021 11:01:49 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:205607
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/205607>

Lars Ingebrigtsen <larsi@gnus.org> wrote:

> wilde@sha-bang.de writes:
>
>> It turns out that setting 'gnutls-algorithm-priority to
>> "normal:-vers-tls1.3" fixes the problem for me:
>>   (setq gnutls-algorithm-priority "normal:-vers-tls1.3")
>>
>> The question that still remains is: why is this customization
>> necessary?
>
> It shouldn't be -- gnutls should degrade gracefully here, and your
> test
> with gnutls-cli seems to indicate that it does.  So it sounds like
> there's a bug in how Emacs interfaces with the gnutls library in this
> situation.

I agree, that this looks like a bug.

>> And why is it only necessary on this NetBSD system but on none of my
>> GNU/Linux systems?
>
> Perhaps the version of gnutls on NetBSD doesn't support TLS 1.3?

On my NetBSD system:

% gnutls-cli -l | grep -i tls1.3
TLS_AES_128_GCM_SHA256             0x13, 0x01      TLS1.3
TLS_AES_256_GCM_SHA384             0x13, 0x02      TLS1.3
TLS_CHACHA20_POLY1305_SHA256       0x13, 0x03      TLS1.3
TLS_AES_128_CCM_SHA256             0x13, 0x04      TLS1.3
TLS_AES_128_CCM_8_SHA256           0x13, 0x05      TLS1.3
Protocols: VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-TLS1.3, VERS-DTLS0.9, 
VERS-DTLS1.0, VERS-DTLS1.2

This output is identical to the output I get on my GNU/Linux system
where the system does not exist.  So I'd assume the TLS 1.3 support does
not differ...

Thanks for your support,

sascha