~ruther/guix-local: download: Add "%COMPAT" to the priority string.

967ee481e893fd77ff8ca896188e20e425331bf2 — Ludovic Courtès 10 years ago 083b3a0

download: Add "%COMPAT" to the priority string.

Fixes <http://bugs.gnu.org/23311>.

* guix/build/download.scm (tls-wrap): Add 'set-session-priorities!' call.

patch browse .tar.gz

1 files changed, 7 insertions(+), 0 deletions(-)

M guix/build/download.scm

M guix/build/download.scm => guix/build/download.scm +7 -0

@@ 274,6 274,13 @@ host name without trailing dot."
 
     (set-session-transport-fd! session (fileno port))
     (set-session-default-priority! session)
+
+    ;; The "%COMPAT" bit allows us to work around firewall issues (info
+    ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
+    ;; Explicitly disable SSLv3, which is insecure:
+    ;; <https://tools.ietf.org/html/rfc7568>.
+    (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
+
     (set-session-credentials! session (make-certificate-credentials))
 
     ;; Uncomment the following lines in case of debugging emergency.