Hi,
I am trying to install a new instance of cygwin on Windows 2016 Server MSDN
instance and am having problems downloading the mirrors list:
2021/02/05 14:21:39 connection error: 12029 fetching
https://cygwin.com/mirrors.lst
Using Wireshark and configuration options in Firefox, the root cause appears to
be that the setup-x86_64.exe is trying to use TLSv1.0 and SSLv3 to download
this file, but the download is failing as the response is a fatal TLS alert:
invalid protocol (2/70). Many Internet servers have been shutting off
TLSv1.0/SSLv3 in favor of TLSv1.2/1.3 these days, is this a case of that? If
so, the setup app needs to be updated.
I can specify a specific server URL after the mirrors.lst download fails and
can at least get something installed.
Is there any workaround to force setup-x86_64.exe to default to TLSv1.2/1.3? Or
is this something that the MSDN version of Windows 2016 Server has configured?
More details/symptoms:
I am behind a firewall, but the proxy settings in IE allow me to tunnel out.
The corresponding "Use System Proxy Settings" in Firefox works fine. But when I
set the TLS settings in Firefox's "about:config" to use only TLSv1.0/SSLv3, I
see the same alert being returned to Firefox.
Wireshark reports:
CONNECT cygwin.com:443 HTTP1.0 ->
User-Agent: ...deleted
<- HTTP/1.0 200 Connection established
ClientHello ->
v1.0
<- Fatal Alert: 2/70
Supposedly SCHANNEL has TLSv1.2 on by default, but have no idea how the setup
app is written.
https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
https://docs.microsoft.com/en-us/archive/blogs/kaushal/support-for-ssltls-protocols-on-windows
My previous installs of cygwin aren't having any problems when trying to
incrementally add software, maybe the mirrors file is cached somewhere?
Thanks for any tips,
Brad
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
