From 621fb83a1fde948b3b7eea37bdc378cbf1b3d11e Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Thu, 19 Dec 2019 00:32:11 +0100
Subject: download: Enable TLS 1.3.

This reverts commit e4ee84202633636b4c8cef4a332f0c74912a3b23.

* guix/build/download.scm (tls-wrap): Dot not disable TLS 1.3.
---
 guix/build/download.scm | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

(limited to 'guix')

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 141ef409d6..53a144f126 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -158,7 +158,7 @@ out if the connection could not be established in less than TIMEOUT seconds."
 ;; See <http://bugs.gnu.org/12202>.
 (module-autoload! (current-module)
                   '(gnutls)
-                  '(gnutls-version make-session connection-end/client))
+                  '(make-session connection-end/client))
 
 (define %tls-ports
   ;; Mapping of session record ports to the underlying file port.
@@ -273,18 +273,7 @@ host name without trailing dot."
     ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
     ;; Explicitly disable SSLv3, which is insecure:
     ;; <https://tools.ietf.org/html/rfc7568>.
-    ;;
-    ;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5),
-    ;; remove it; see <https://bugs.gnu.org/34102>.
-    (set-session-priorities! session
-                             (string-append
-                              "NORMAL:%COMPAT:-VERS-SSL3.0"
-
-                              ;; The "VERS-TLS1.3" priority string is not
-                              ;; supported by GnuTLS 3.5.
-                              (if (string-prefix? "3.5." (gnutls-version))
-                                  ""
-                                  ":-VERS-TLS1.3")))
+    (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
 
     (set-session-credentials! session
                               (if (and verify-certificate? ca-certs)
-- 
cgit v1.2.3