From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Andy Wingo <wingo@igalia.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Tue, 29 Nov 2016 11:24:53 +0100
Message-ID: <87zikiwpl6.fsf@igalia.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: blaine.gmane.org 1480415180 24235 195.159.176.226 (29 Nov 2016 10:26:20 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 29 Nov 2016 10:26:20 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
Cc: ludo@gnu.org
To: 25061@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Nov 29 11:26:16 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1cBfc7-0005oA-7d
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Nov 2016 11:26:15 +0100
Original-Received: from localhost ([::1]:35821 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1cBfcB-0004GP-04
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Nov 2016 05:26:19 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36041)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cBfc0-0004Er-EE
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:26:09 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cBfbu-00033l-RN
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:26:08 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:58489)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1cBfbu-00033a-Kn
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:26:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cBfbu-00045V-AO
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:26:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Andy Wingo <wingo@igalia.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 29 Nov 2016 10:26:02 +0000
Resent-Message-ID: <handler.25061.B.148041511515654@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 25061
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.148041511515654
	(code B ref -1); Tue, 29 Nov 2016 10:26:02 +0000
Original-Received: (at submit) by debbugs.gnu.org; 29 Nov 2016 10:25:15 +0000
Original-Received: from localhost ([127.0.0.1]:45655 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cBfb8-00044Q-R1
	for submit@debbugs.gnu.org; Tue, 29 Nov 2016 05:25:15 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:44599)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <wingo@igalia.com>) id 1cBfb7-00044D-He
	for submit@debbugs.gnu.org; Tue, 29 Nov 2016 05:25:13 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wingo@igalia.com>) id 1cBfb1-0002Ya-BF
	for submit@debbugs.gnu.org; Tue, 29 Nov 2016 05:25:08 -0500
Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:43602)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <wingo@igalia.com>) id 1cBfb1-0002YP-86
	for submit@debbugs.gnu.org; Tue, 29 Nov 2016 05:25:07 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35547)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wingo@igalia.com>) id 1cBfax-0003Va-0Q
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:25:07 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wingo@igalia.com>) id 1cBfas-0002TZ-7H
	for bug-gnu-emacs@gnu.org; Tue, 29 Nov 2016 05:25:03 -0500
Original-Received: from pb-sasl1.pobox.com ([64.147.108.66]:62090
	helo=sasl.smtp.pobox.com)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <wingo@igalia.com>)
	id 1cBfas-0002TE-3E; Tue, 29 Nov 2016 05:24:58 -0500
Original-Received: from sasl.smtp.pobox.com (unknown [127.0.0.1])
	by pb-sasl1.pobox.com (Postfix) with ESMTP id 1037D49F2E;
	Tue, 29 Nov 2016 05:24:57 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc
	:subject:date:message-id:mime-version:content-type
	:content-transfer-encoding; s=sasl; bh=gVVIx23F1jzyt4RZO+SeStTzi
	dM=; b=JumRDI1NrR3+mEAbLrxvjWJd6FB6c5iD61AHxgZgMXebmtGmxUNnjaHdy
	2x3almH8rTOt5Hco83Y5ifoskdYbwpz8vw34yZgSiHvnHh8Jt0PTiexTd8MG5dE4
	z+pXQAh4zVRVt3qf7nsaMxk23NHAqHU2pOimV8IbeYC9iGXPaY=
Original-Received: from pb-sasl1.nyi.icgroup.com (unknown [127.0.0.1])
	by pb-sasl1.pobox.com (Postfix) with ESMTP id 0776F49F2B;
	Tue, 29 Nov 2016 05:24:57 -0500 (EST)
Original-Received: from rusty (unknown [88.160.190.192])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pb-sasl1.pobox.com (Postfix) with ESMTPSA id 457D649F2A;
	Tue, 29 Nov 2016 05:24:56 -0500 (EST)
X-Pobox-Relay-ID: 12EC1FDE-B61E-11E6-9773-B2316462E9F6-02397024!pb-sasl1.pobox.com
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:126241
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/126241>

There have been reports of errors from people using melpa and so on
which manifest themselves as:

    gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly =
terminated.

However I think maybe that's just the symptom and not the cause; see the
previous report:

    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D25060

Ludovic Court=C3=A8s was seeing a similar issue to the one that people are
reporting for melpa etc in Guix, where we also use GnuTLS though not in
Emacs.  He then found that GNU wget, which also uses GnuTLS, wasn't
exhibiting the same behavior.  He was eventually able to reproduce the
problem with just gnutls-cli.  He tracked down the difference in that if
he adds %COMPAT to the priority list, then he has no problems:

    https://lists.gnu.org/archive/html/bug-guix/2016-04/msg00098.html
    http://bugs.gnu.org/23311

Note that the problem only exhibits itself for some web sites, and only
some of the time.  It manifested itself as a timeout where the server
would get stuck, which could explain that people are unable to fetch
packages then blame the problem on the spurious post-close error message
from bug 25060.

So, as Ludovic suggests in his message, a workaround might be:

    (setq gnutls-algorithm-priority "NORMAL:%COMPAT")

See Ludovic's message for some justification.  Just an idea.  I have
been trying to reproduce the problem that people report locally as some
TLS errors but I have not been able to.

Andy