Hi Marius,

Marius Bakke wrote:

> $ ./pre-inst-env guix download https://data.iana.org
> Starting download of /tmp/guix-file.vJ4v7h
> From https://data.iana.org...
> Throw to key `gnutls-error' with args `(# read_from_session_record_port)'.
> failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
> guix download: error: https://data.iana.org: download failed
>
> The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
> and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
> does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
> attempts at catching it (or any error code) have been unfruitful.
>
> This is an obvious merge blocker, help wanted! Disabling TLS1.3 in the
> priority string works as a last-resort workaround.
>
> [0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html

I’ve submitted a bunch of changes upstream to better support
post-handshake re-authentication:

https://gitlab.com/gnutls/gnutls/merge_requests/1026

In particular, this adds ‘connection-flag/post-handshake-auth’ and
‘connection-flag/auto-reauth’, which can be passed to ‘make-session’.

But as it turns out, there’s one patch that, alone, appears to fix the
issue above:

https://gitlab.com/civodul/gnutls/commit/7421ca2cfd2d9f4ac89bdec786eb745533430316

Ideally we’d wait for the next GnuTLS release that includes all of this.
However, if that helps, we can apply this patch to the ‘gnutls’ package
in ‘core-updates’ in the meantime.

WDYT?

Ludo’.