Mathieu Lirzin wrote:
> l...@gnu.org (Ludovic Courtès) writes:
>
>> Indeed, as soon as we add %COMPAT, ‘gnutls-cli’ et al. send a 253-byte
>> client hello (instead of 261) and the problem vanishes.
>>
>> Commit 967ee481e893fd77ff8ca896188e20e425331bf2 does that.
>
> \o/
>
> Thanks for taking th
l...@gnu.org (Ludovic Courtès) writes:
> Indeed, as soon as we add %COMPAT, ‘gnutls-cli’ et al. send a 253-byte
> client hello (instead of 261) and the problem vanishes.
>
> Commit 967ee481e893fd77ff8ca896188e20e425331bf2 does that.
\o/
Thanks for taking the time to debug this!
--
Mathieu Lirz
l...@gnu.org (Ludovic Courtès) wrote:
> $ while ./pre-inst-env guix download https://mirror.hydra.gnu.org/index.html
> ; do : ; done
Interestingly, the same loop with wget (which uses the very same GnuTLS)
goes on forever.
It turns out that instead of the default TLS cipher suite priority
str
Continuing my monologue. :-)
On the client side (with gnutls-cli), the handshake looks like:
--8<---cut here---start->8---
connect(4, {sa_family=AF_INET, sin_port=htons(443),
sin_addr=inet_addr("131.159.14.26")}, 16) = 0
writev(4,
[{"\26\3\1\1\0\1\0\0\374\3\
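The client hello size discussed in this thread can be read directly off the first bytes of that `writev()` buffer. The following is an added example, not part of the original messages: it decodes strace's octal escapes and parses the TLS record and handshake headers. The function names are hypothetical, and `SAMPLE` is only the prefix of the buffer that the archive shows before cutting it off.

```python
import re
import struct

# strace prints buffer bytes as C-style escapes: \NNN (1-3 octal digits),
# a few named escapes, or the literal character.
_NAMED = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}
_TOKEN = re.compile(r'\\([0-7]{1,3})|\\([ntrvf\\"])|([^\\])', re.S)

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

def strace_bytes(text):
    """Decode the quoted buffer from a strace write/writev line into bytes."""
    out = bytearray()
    # finditer skips a lone trailing backslash (a capture cut off mid-escape).
    for octal, named, literal in (m.groups() for m in _TOKEN.finditer(text)):
        if octal is not None:
            out.append(int(octal, 8) & 0xFF)
        elif named is not None:
            out.append(_NAMED[named])
        else:
            out += literal.encode("latin-1", "replace")
    return bytes(out)

def tls_summary(buf):
    """Parse the 5-byte TLS record header and, if present, the handshake header."""
    if len(buf) < 5:
        raise ValueError("need at least the 5-byte record header")
    ctype, major, minor, rec_len = struct.unpack("!BBBH", buf[:5])
    info = {
        "content_type": CONTENT_TYPES.get(ctype, ctype),
        "record_version": (major, minor),
        "record_length": rec_len,
        "bytes_on_wire": 5 + rec_len,  # record header + payload
    }
    if ctype == 22 and len(buf) >= 9:
        info["handshake_type"] = HANDSHAKE_TYPES.get(buf[5], buf[5])
        info["handshake_length"] = int.from_bytes(buf[6:9], "big")
    return info

# Prefix of the writev() buffer as quoted in the thread (truncated in the archive).
SAMPLE = r"\26\3\1\1\0\1\0\0\374\3"

if __name__ == "__main__":
    print(tls_summary(strace_bytes(SAMPLE)))
```

The record length field of 256 plus the 5-byte record header gives the 261 bytes mentioned in the thread.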
l...@gnu.org (Ludovic Courtès) wrote:
> $ while echo 'GET /index.html' | gnutls-cli mirror.hydra.gnu.org ; do : ; done
Same with GnuTLS 3.4.11.
Ludo’.
l...@gnu.org (Ludovic Courtès) wrote:
> Sometimes, TLS handshakes fail in strange ways (the following happens
> after a dozen iterations; I’ve enabled GnuTLS debugging in (guix
> build download) here):
Can also be reproduced like this:
--8<---cut here---start
Sometimes, TLS handshakes fail in strange ways (the following happens
after a dozen iterations; I’ve enabled GnuTLS debugging in (guix
build download) here):
--8<---cut here---start->8---
$ while ./pre-inst-env guix download https://mirror.hydra.gnu.org/index