From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: "Herbert J. Skuhra" <herbert@gojira.at>
Newsgroups: gmane.emacs.devel
Subject: Re: eww + w3m / GnuTLS TLSv1 support ?
Date: Mon, 14 Feb 2022 14:25:03 +0100
Message-ID: <87leyd7f80.wl-herbert@gojira.at>
References: <hhsfsmvmns.fsf@jvdspc.jvds.net>
 <YgknRx/DfkZeyMGC@mail.bsd4all.net>
 <CALyZvKwhAOazz0OzuCDFOzvJWaKwJzyu_XQQLbYCNYpcCm-31Q@mail.gmail.com>
 <83v8xipufe.fsf@gnu.org>
 <CALyZvKz8WGoFZcMmjO5JkGSixN7MspvV7zCLN=Hm5zNdPkw34A@mail.gmail.com>
Mime-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="17292"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.0 Mule/6.0
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Feb 14 15:48:17 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nJceD-00047A-Hl
	for ged-emacs-devel@m.gmane-mx.org; Mon, 14 Feb 2022 15:48:13 +0100
Original-Received: from localhost ([::1]:53968 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nJce9-00081T-Rv
	for ged-emacs-devel@m.gmane-mx.org; Mon, 14 Feb 2022 09:48:10 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:60758)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <herbert@gojira.at>) id 1nJbMH-0005JM-Ma
 for emacs-devel@gnu.org; Mon, 14 Feb 2022 08:25:38 -0500
Original-Received: from mail.bsd4all.net ([94.130.200.20]:64272)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <herbert@gojira.at>) id 1nJbME-0004IB-RN
 for emacs-devel@gnu.org; Mon, 14 Feb 2022 08:25:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gojira.at;
 s=mail202005; t=1644845130;
 bh=ffxKGsEP43nO9UmADJaaFll7mGkx5IsxqExIpX7/JgY=;
 h=Date:Message-ID:From:To:Subject:MIME-Version:Content-Type;
 b=rTVFa3+Qr7RYb2IU+1uyNp3I+BAy1nfamKawdrscUOMY6PTJjfkdmdSqSr76vfG6o
 WFi3UAaQr1DXmfxaQKZLmndyC6vQHz206Rc9YbrryUM9DH+qOZ0/LYJAB8smO9y2Ks
 0hL9Grf03LJY8StMvPCFS5N9murT9YVlyNNriPKXET5Acsf8vyXwLRuTwf/4c3/F4S
 ohzJGK4CyX914kB7B2pwDB4zHfmI24MCIrDO9DMqx4hZDGlqz2fcdJLA/JTiXTUxEb
 TSSL0iBrq9buNBmwEKrvpe7rSHR4xFJhQyDoLW4V9/0s/VxsQd3+PwfIV/ELR33JQG
 z15AnIfj+LU1A==
In-Reply-To: <CALyZvKz8WGoFZcMmjO5JkGSixN7MspvV7zCLN=Hm5zNdPkw34A@mail.gmail.com>
Received-SPF: pass client-ip=94.130.200.20; envelope-from=herbert@gojira.at;
 helo=mail.bsd4all.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:286273
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/286273>

On Mon, 14 Feb 2022 13:34:04 +0100, Jason Vas Dias wrote:
> =

> Thanks, Eli -
> =

>   I did try setting :
> =

>   (set-variable gnutls-algorithm-priority
>    "LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0"
>   )
>   (set-variable my-tls-stream (open-gnutls-stream "tls" "tls-buffer"
> "192.168.1.1" "https")
>   )
> =

>  but still no joy :
> =

> gnutls.el: (err=3D[-50] The request is invalid.) boot: (:priority
> LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0 :hostname
> 192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles
> (/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) :crlfiles nil
> :keylist nil :verify-flags nil :verify-error nil :callbacks nil)
> gnutls-negotiate: GnuTLS error: #<process tls>, -50
> =

>   On browsers, once I have got one to accept trying to use
>   TLSv1.0 , which ATM stiil seems not to be possible,
>   the next thing is I have to add the router's self-signed
>   certificate to the browser's trust store, usually through some
>   Advanced -> Add Security Exception "Site Security Exception List" -=

>   is there such a list for GnuTLS ? Or a way of specifying the
>   equivalent of curls' '-k': 'do not validate certificate trust chain=
' option ?

What operating system and version do you use? What Emacs and GnuTLS
version?

I cannot reproduce any of your issues. Here gnutls-algorithm-priority
is nil (default) and when I try to connect to my Snom phone with eww
the Network Security Manager shows a warning and prompts me to confirm
the low security connection. =


And in Firefox I only had=A0to set
security.tls.version.enable-deprecated to true. Maybe try to get an
offical binary from: https://ftp.mozilla.org/pub/firefox/releases/

--
Herbert