GNU bug report logs - #48103
28.0.50; tls connection failing on invoking package-list-packages (and other operations)

Previous Next

Full log

View this message in rfc822 format

From: wilde <at> sha-bang.de
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 48103 <at> debbugs.gnu.org
Subject: bug#48103: 28.0.50; tls connection failing on invoking package-list-packages (and other operations)
Date: Tue, 04 May 2021 15:14:37 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> wrote:

> wilde <at> sha-bang.de writes:
>
>> It turns out that setting 'gnutls-algorithm-priority to
>> "normal:-vers-tls1.3" fixes the problem for me:
>>   (setq gnutls-algorithm-priority "normal:-vers-tls1.3")
>>
>> The question that still remains is: why is this customization
>> necessary?
>
> It shouldn't be -- gnutls should degrade gracefully here, and your
> test
> with gnutls-cli seems to indicate that it does.  So it sounds like
> there's a bug in how Emacs interfaces with the gnutls library in this
> situation.

I agree, that this looks like a bug.

>> And why is it only necessary on this NetBSD system but on none of my
>> GNU/Linux systems?
>
> Perhaps the version of gnutls on NetBSD doesn't support TLS 1.3?

On my NetBSD system:

% gnutls-cli -l | grep -i tls1.3
TLS_AES_128_GCM_SHA256             0x13, 0x01      TLS1.3
TLS_AES_256_GCM_SHA384             0x13, 0x02      TLS1.3
TLS_CHACHA20_POLY1305_SHA256       0x13, 0x03      TLS1.3
TLS_AES_128_CCM_SHA256             0x13, 0x04      TLS1.3
TLS_AES_128_CCM_8_SHA256           0x13, 0x05      TLS1.3
Protocols: VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-TLS1.3, VERS-DTLS0.9, 
VERS-DTLS1.0, VERS-DTLS1.2

This output is identical to the output I get on my GNU/Linux system
where the system does not exist.  So I'd assume the TLS 1.3 support does
not differ...

Thanks for your support,

sascha

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.