Hello! On the staging branch (with GnuTLS 3.6), `guix download` will negotiate TLSv1.3 with servers that support it, and fail shortly after the initial handshake: $ ./pre-inst-env guix download https://data.iana.org Starting download of /tmp/guix-file.vJ4v7h From https://data.iana.org... Throw to key `gnutls-error' with args `(# read_from_session_record_port)'. failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org" guix download: error: https://data.iana.org: download failed The GnuTLS maintainer have written a blog post about TLS 1.3 porting[0], and I suspect the problem is that Guix (or the GnuTLS Guile bindings) does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my attempts at catching it (or any error code) has been unfruitful. This is an obvious merge blocker, help wanted! Disabling TLS1.3 in the priority string works as a last-resort workaround. [0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html