From: "Herbert J. Skuhra" <herbert@gojira.at>
To: emacs-devel@gnu.org
Subject: Re: eww + w3m / GnuTLS TLSv1 support ?
Date: Mon, 14 Feb 2022 14:25:03 +0100 [thread overview]
Message-ID: <87leyd7f80.wl-herbert@gojira.at> (raw)
In-Reply-To: <CALyZvKz8WGoFZcMmjO5JkGSixN7MspvV7zCLN=Hm5zNdPkw34A@mail.gmail.com>
On Mon, 14 Feb 2022 13:34:04 +0100, Jason Vas Dias wrote:
>
> Thanks, Eli -
>
> I did try setting :
>
> (set-variable gnutls-algorithm-priority
> "LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0"
> )
> (set-variable my-tls-stream (open-gnutls-stream "tls" "tls-buffer"
> "192.168.1.1" "https")
> )
>
> but still no joy :
>
> gnutls.el: (err=[-50] The request is invalid.) boot: (:priority
> LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0 :hostname
> 192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles
> (/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) :crlfiles nil
> :keylist nil :verify-flags nil :verify-error nil :callbacks nil)
> gnutls-negotiate: GnuTLS error: #<process tls>, -50
>
> On browsers, once I have got one to accept trying to use
> TLSv1.0 , which ATM stiil seems not to be possible,
> the next thing is I have to add the router's self-signed
> certificate to the browser's trust store, usually through some
> Advanced -> Add Security Exception "Site Security Exception List" -
> is there such a list for GnuTLS ? Or a way of specifying the
> equivalent of curls' '-k': 'do not validate certificate trust chain' option ?
What operating system and version do you use? What Emacs and GnuTLS
version?
I cannot reproduce any of your issues. Here gnutls-algorithm-priority
is nil (default) and when I try to connect to my Snom phone with eww
the Network Security Manager shows a warning and prompts me to confirm
the low security connection.
And in Firefox I only had to set
security.tls.version.enable-deprecated to true. Maybe try to get an
offical binary from: https://ftp.mozilla.org/pub/firefox/releases/
--
Herbert
next prev parent reply other threads:[~2022-02-14 13:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-13 14:58 eww + w3m / GnuTLS TLSv1 support ? Jason Vas Dias
2022-02-13 15:44 ` Herbert J. Skuhra
2022-02-13 16:48 ` Jason Vas Dias
2022-02-13 17:07 ` Eli Zaretskii
2022-02-14 12:34 ` Jason Vas Dias
2022-02-14 13:25 ` Herbert J. Skuhra [this message]
2022-02-14 13:36 ` Jason Vas Dias
2022-02-14 18:51 ` chad
2022-02-15 12:52 ` Jason Vas Dias
2022-02-15 12:55 ` Jason Vas Dias
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87leyd7f80.wl-herbert@gojira.at \
--to=herbert@gojira.at \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).