download: Enable TLS 1.3.

This reverts commit e4ee84202633636b4c8cef4a332f0c74912a3b23. * guix/build/download.scm (tls-wrap): Dot not disable TLS 1.3.
2019-12-19 00:32:11 +01:00 · 2019-12-19 00:32:11 +01:00 · 621fb83a1f
commit 621fb83a1f
parent e7453b3cb5
1 changed files with 2 additions and 13 deletions
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@ -158,7 +158,7 @@ out if the connection could not be established in less than TIMEOUT seconds."
 ;; See <http://bugs.gnu.org/12202>.
 (module-autoload! (current-module)
                  '(gnutls)
-                  '(gnutls-version make-session connection-end/client))
+                  '(make-session connection-end/client))

 (define %tls-ports
  ;; Mapping of session record ports to the underlying file port.
@ -273,18 +273,7 @@ host name without trailing dot."
    ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
    ;; Explicitly disable SSLv3, which is insecure:
    ;; <https://tools.ietf.org/html/rfc7568>.
-    ;;
-    ;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5),
-    ;; remove it; see <https://bugs.gnu.org/34102>.
-    (set-session-priorities! session
-                             (string-append
-                              "NORMAL:%COMPAT:-VERS-SSL3.0"
-
-                              ;; The "VERS-TLS1.3" priority string is not
-                              ;; supported by GnuTLS 3.5.
-                              (if (string-prefix? "3.5." (gnutls-version))
-                                  ""
-                                  ":-VERS-TLS1.3")))
+    (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")

    (set-session-credentials! session
                              (if (and verify-certificate? ca-certs)