Mail Archives: cygwin/2021/02/05/20:01:19

Brad Wetmore via Cygwin <cygwin AT cygwin DOT com> · Sat, 6 Feb 2021 01:00:28 +0000

Hi,

I am trying to install a new instance of cygwin on Windows 2016 Server MSDN instance and am having problems downloading the mirrors list:

    2021/02/05 14:21:39 connection error: 12029 fetching https://cygwin.com/mirrors.lst

Using Wireshark and configuration options in Firefox, the root cause appears to be that the setup-x86_64.exe is trying to use TLSv1.0 and SSLv3 to download this file, but the download is failing as the response is a fatal TLS alert: invalid protocol (2/70). Many Internet servers have been shutting off TLSv1.0/SSLv3 in favor of TLSv1.2/1.3 these days, is this a case of that? If so, the setup app needs to be updated.

I can specify a specific server URL after the mirrors.lst download fails and can at least get something installed.

Is there any workaround to force setup-x86_64.exe to default to TLSv1.2/1.3? Or is this something that the MSDN version of Windows 2016 Server has configured?

More details/symptoms:

I am behind a firewall, but the proxy settings in IE allow me to tunnel out. The corresponding "Use System Proxy Settings" in Firefox works fine. But when I set the TLS settings in Firefox's "about:config" to use only TLSv1.0/SSLv3, I see the same alert being returned to Firefox.

Wireshark reports:

CONNECT cygwin.com:443 HTTP1.0 ->
User-Agent: ...deleted

<- HTTP/1.0 200 Connection established

ClientHello ->
v1.0

<- Fatal Alert: 2/70

Supposedly SCHANNEL has TLSv1.2 on by default, but have no idea how the setup app is written.

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
https://docs.microsoft.com/en-us/archive/blogs/kaushal/support-for-ssltls-protocols-on-windows

My previous installs of cygwin aren't having any problems when trying to incrementally add software, maybe the mirrors file is cached somewhere?

Thanks for any tips,

Brad

--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 5C9E23A15C47
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1612573233;
	bh=88Ms/g9XxHMliR+9lPTmNJcgOYq17tuVmmjzjsK6AP4=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	List-Help:List-Subscribe:From:Reply-To:From;
	b=EdE31CHQQLGQHgTWADs65sFxeSbFXZh8pcI9tuvCxE9NR0nvstj9Lka5rHSFyktDY
	HFcl9VbGNQP+SEXjj2jTGhEdT1feR7s+fWxsCgS3lgSW0z7cLCN0VP2KkkheAzBby0
	oaG+G5rYVpe4tTQPvAnoDzXepOlpvPddGDIZiBME=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org 01BAA385781D
ARC-Seal:	i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
	b=QJ67EAaJK/wmG8qj/8ip3P//GQHzwfM6wm0J7zeJG0NM9Yfj+goj+XybyKZwBQansNKWWOCt4nRB9ONmkmcdfV/83bA5iYoGHiwf5A75t6ZLs/PaYVflSeBSWqSPvoucAui2qLEGxZqKvcTTlVLSzOuMMDQEG8QMM521Y3tbJ0O4IYshEyJZ4rOVgi7thwEZrRZKaTmcg7GkZGLYDkFOKeWqvWYIoZskriqHlSxEcduAxEm+IftBOPnytTSSXCJK8CyyE/gF382xWs8oYJIGGOh1t2XwlcaWcWHIAqrt06tfW0dgTCTrIdMLMPfrV0poWbJU7LU1SBfwmqCq+8n+8g==
ARC-Message-Signature:	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
	s=arcselector9901;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=VJo7Zro5jxf9av4O34X6+vP2/ZlMTjhwOvHj9sMyF64=;
	b=Cb8dr6SIK08EniOP/aCv/ilLuBeL0SKav9rXCigLwyTsQaztqgZxHHAub7txW/zjecRpL6Do8id6WLpWSS0gpn5gA6Viud5GB9kiUEG6ZEI2dhf+XICdqkQ0a11rsXLnOSI1oobdN71ptfoORe4qWiXA38eKFcHVaUVOqwCdxrTRATyhneh1CW14XkvHFvb9/iXnAifu0O/KRxOgSlXyBHUhyt9Na6eSdVsT58r7VNjSMynzXDOQCv1PNjXHKaw0lavwYotXCGPTWEbnDTbgb89+BzLfCf4pqmWwZvd2YPxdj63n3gqn42RaN9l6FZZZWxRThFLM00atcMVCFbNGRA==
ARC-Authentication-Results:	i=1; mx.microsoft.com 1; spf=none; dmarc=none;
	dkim=none; arc=none
To:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject:	TLS version problem downloading mirrors.lst?
Thread-Topic:	TLS version problem downloading mirrors.lst?
Thread-Index:	AQHW/CM9OQWtZDgBnkuxFieuhT70Xw==
Date:	Sat, 6 Feb 2021 01:00:28 +0000
Message-ID:	<BYAPR07MB59425A659F71A5C1246B588EB6B19@BYAPR07MB5942.namprd07.prod.outlook.com>
Accept-Language:	en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker:	OriginalChecksum:C1E9F86A863DFA35FC61D43A08C6EB7EC597BD3936984E07938E2CBAF03EAAD4;
	UpperCasedChecksum:F060995878260A023259B2AF119FD8B7FC2D0A2BA0643944FA06D02BAD500C1B;
	SizeAsReceived:6862; Count:42
x-ms-exchange-messagesentrepresentingtype:	1
x-tmn:	[KlLl0P0FFg29d6QlmGIRxMMU1ita6afjPey4a3x6768dg9pXpaF3d2F4gt6rD7Xb3d85dfNwWBs=]
x-ms-publictraffictype:	Email
x-incomingheadercount:	42
x-eopattributedmessage:	0
x-ms-office365-filtering-correlation-id:	e0ab50e0-1fd1-443f-c2ba-08d8ca3a982f
x-ms-traffictypediagnostic:	DM6NAM10HT083:
x-microsoft-antispam:	BCL:0;
x-microsoft-antispam-message-info:	yNzj+tidaA/Vuiu7BOz9GF8X9hMzREaofhfugixAEpFbmVGpPrlQ9Ryeqc/TUunSn3gBuJkYgSjjElyVfGa1I1TwrQNkloL6hsWXwy0SD5Di43iDNmJR+xqc7Jpmal8HBSHkyW7RyMRFdcwxAJ/CwAryeHul0v1XPntl3Z1hrSapENMY3PM8GUzIUUMmjqFgkQ3FNbVO2UsKWGAD9WJhMY7SpR69Ao8JC8fbtsFyO3gFCxuD3OuoC2WpIfZAP9FzUeoN0M7HI4gNfStPW70LKdh2c3B1O8wZlkN3ymHUxOK7AzCT+LjZem/jvVzJ0Jo9xRfOJCiTExNDScR7bRzRhZyh+GGo61MXZmhNULxxxWwgg0CMHEc3yEiu8GBnpdSexptCfjeuz3Wi+RX9XQub/qytUKsZLt2kC2j6cL5bxaClCyw66Os2DmY0FWexNf9V
x-ms-exchange-antispam-messagedata:	k73FQqBVdeWlOs9Adv1dccU9gY1Na97dBhRPxMO6TBaCaUczElsNjxJ391irTAm7So+6nEyyWrCDCCK5U0qjEH/gypTR36XH+armY7Huh4zVE8UMpBX3kCUSD2vvv7lXTqCW8O6D4m5Tzq1o2KyuQkO75BAzXoIEGmpqCSQ9UPMVxwazNHTGE4G2RVMvNFToEcy3fTeEj7SzDmI8076I0Q==
x-ms-exchange-transport-forked:	True
MIME-Version:	1.0
X-OriginatorOrg:	hotmail.com
X-MS-Exchange-CrossTenant-AuthAs:	Anonymous
X-MS-Exchange-CrossTenant-AuthSource:	DM6NAM10FT014.eop-nam10.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:	00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id:	e0ab50e0-1fd1-443f-c2ba-08d8ca3a982f
X-MS-Exchange-CrossTenant-originalarrivaltime:	06 Feb 2021 01:00:28.2516 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader:	Internet
X-MS-Exchange-CrossTenant-id:	84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg:	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped:	DM6NAM10HT083
X-Spam-Status:	No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-Content-Filtered-By:	Mailman/MimeDel 2.1.29
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Brad Wetmore via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Brad Wetmore <bradfordwetmore AT hotmail DOT com>
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019