aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-12-19 00:32:11 +0100
committerMarius Bakke <mbakke@fastmail.com>2019-12-26 14:29:43 +0100
commit621fb83a1fde948b3b7eea37bdc378cbf1b3d11e (patch)
tree74cc198195212646e22d8a712126cea0b450dde3
parente7453b3cb58faaa756f6dacc49704879fa1f4722 (diff)
downloadguix-621fb83a1fde948b3b7eea37bdc378cbf1b3d11e.tar
guix-621fb83a1fde948b3b7eea37bdc378cbf1b3d11e.tar.gz
download: Enable TLS 1.3.
This reverts commit e4ee84202633636b4c8cef4a332f0c74912a3b23. * guix/build/download.scm (tls-wrap): Dot not disable TLS 1.3.
-rw-r--r--guix/build/download.scm15
1 files changed, 2 insertions, 13 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 141ef409d6..53a144f126 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -158,7 +158,7 @@ out if the connection could not be established in less than TIMEOUT seconds."
;; See <http://bugs.gnu.org/12202>.
(module-autoload! (current-module)
'(gnutls)
- '(gnutls-version make-session connection-end/client))
+ '(make-session connection-end/client))
(define %tls-ports
;; Mapping of session record ports to the underlying file port.
@@ -273,18 +273,7 @@ host name without trailing dot."
;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
;; Explicitly disable SSLv3, which is insecure:
;; <https://tools.ietf.org/html/rfc7568>.
- ;;
- ;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5),
- ;; remove it; see <https://bugs.gnu.org/34102>.
- (set-session-priorities! session
- (string-append
- "NORMAL:%COMPAT:-VERS-SSL3.0"
-
- ;; The "VERS-TLS1.3" priority string is not
- ;; supported by GnuTLS 3.5.
- (if (string-prefix? "3.5." (gnutls-version))
- ""
- ":-VERS-TLS1.3")))
+ (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
(set-session-credentials! session
(if (and verify-certificate? ca-certs)