From: Marius Bakke
Subject: bug#34102: [staging] Guix fails to download from TLSv1.3-enabled servers
Date: Wed, 16 Jan 2019 14:33:15 +0100
Message-ID: <875zuoiv6s.fsf@fastmail.com>
To: 34102@debbugs.gnu.org
List-Id: Bug reports for GNU Guix

Hello!

On the staging branch (with GnuTLS 3.6), `guix download` will negotiate
TLSv1.3 with servers that support it, and fail shortly after the initial
handshake:

  $ ./pre-inst-env guix download https://data.iana.org
  Starting download of /tmp/guix-file.vJ4v7h
  From https://data.iana.org...
  Throw to key `gnutls-error' with args `(# read_from_session_record_port)'.
  failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
  guix download: error: https://data.iana.org: download failed

The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
attempts at catching it (or any error code) have been unfruitful.

This is an obvious merge blocker, help wanted! Disabling TLS1.3 in the
priority string works as a last-resort workaround.

[0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
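
The failure and the priority-string workaround described in the message above, as an added Guile example (not part of the original message and not Guix's own code). It assumes the GnuTLS Guile bindings are installed and the host is reachable on port 443; `probe` and `%no-tls1.3` are names made up for this illustration.

```scheme
;; Added example: diagnostic probe, not Guix's download code.
(use-modules (gnutls) (ice-9 rdelim))

;; GnuTLS priority string with TLS 1.3 removed (the last-resort workaround).
(define %no-tls1.3 "NORMAL:-VERS-TLS1.3")   ;hypothetical name

(define (probe host priorities)             ;hypothetical helper
  "Handshake with HOST on port 443 using PRIORITIES, send a HEAD request and
read the status line.  Return (PROTOCOL . STATUS-LINE) on success, or
(error PROTOCOL MESSAGE FUNCTION) when a read or write on the session record
port throws 'gnutls-error'."
  (let* ((ai      (car (getaddrinfo host "443" 0 AF_INET SOCK_STREAM)))
         (sock    (socket (addrinfo:fam ai) (addrinfo:socktype ai)
                          (addrinfo:protocol ai)))
         (session (make-session connection-end/client)))
    (connect sock (addrinfo:addr ai))
    (set-session-server-name! session server-name-type/dns host)
    (set-session-transport-fd! session (fileno sock))
    (set-session-priorities! session priorities)
    ;; No trust store is loaded and the peer certificate is not verified:
    ;; this only compares protocol versions, it must not be used to fetch data.
    (set-session-credentials! session (make-certificate-credentials))
    (handshake session)
    (let ((version (protocol->string (session-protocol session)))
          (record  (session-record-port session)))
      (catch 'gnutls-error
        (lambda ()
          (display (string-append "HEAD / HTTP/1.1\r\nHost: " host
                                  "\r\nConnection: close\r\n\r\n")
                   record)
          (force-output record)
          (let ((status (read-line record)))
            (close-port sock)
            (cons version status)))
        ;; The bindings throw (gnutls-error ERROR-ENUM FUNCTION-NAME), the
        ;; same shape as the "Throw to key" line in the report.
        (lambda (key err function . rest)
          (close-port sock)
          (list 'error version (error->string err) function))))))

;; Compare the two policies against the server from the report:
;;   (probe "data.iana.org" "NORMAL")    ;may negotiate TLS 1.3
;;   (probe "data.iana.org" %no-tls1.3)  ;capped at TLS 1.2
```

The returned protocol string shows which version was negotiated, so a read failure can be tied to TLS 1.3 before deciding whether to apply the workaround.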