From 621fb83a1fde948b3b7eea37bdc378cbf1b3d11e Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Thu, 19 Dec 2019 00:32:11 +0100
Subject: [PATCH] download: Enable TLS 1.3.

This reverts commit e4ee84202633636b4c8cef4a332f0c74912a3b23.

* guix/build/download.scm (tls-wrap): Dot not disable TLS 1.3.
---
 guix/build/download.scm | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 141ef409d6..53a144f126 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -158,7 +158,7 @@ (define* (ftp-fetch uri file #:key timeout print-build-trace?)
 ;; See .
 (module-autoload! (current-module)
 '(gnutls)
- '(gnutls-version make-session connection-end/client))
+ '(make-session connection-end/client))
 
 (define %tls-ports
 ;; Mapping of session record ports to the underlying file port.
@@ -273,18 +273,7 @@ (define (log level str)
 ;; "(gnutls) Priority Strings"); see .
 ;; Explicitly disable SSLv3, which is insecure:
 ;; .
- ;;
- ;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5),
- ;; remove it; see .
- (set-session-priorities! session
- (string-append
- "NORMAL:%COMPAT:-VERS-SSL3.0"
-
- ;; The "VERS-TLS1.3" priority string is not
- ;; supported by GnuTLS 3.5.
- (if (string-prefix? "3.5." (gnutls-version))
- ""
- ":-VERS-TLS1.3")))
+ (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
 
 (set-session-credentials! session
 (if (and verify-certificate? ca-certs)
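Review bot: The new `set-session-priorities!` call in the second hunk drops the TLS 1.3 workaround without recording why that is now safe. The removed FIXME said TLS 1.3 handling failed with GnuTLS 3.6.5, and neither the new line nor the commit message names the fix or the minimum GnuTLS version it relies on. I would add a comment above the call such as `;; TLS 1.3 is left enabled; this assumes the handling failure seen with GnuTLS 3.6.5 is fixed in the GnuTLS used here.` Separately, the priority string removes only SSL 3.0, so TLS 1.0 and 1.1 presumably remain negotiable under `NORMAL:%COMPAT`; if that is deliberate for compatibility with old download hosts, the same comment should say so. The enclosing function starts and ends outside the hunk.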