On March 4, 2019 at 11:25PM +, Peter.Chubb (at data61.csiro.au) wrote:
> I rebuilt emacs without the in-built GNUTLS --- and everything now
> works properly.
>
> I added the line:
> confflags += --without-gnutls
> to debian/rules and rebuilt.
Rebuilding the emacs package may be unneeded.
Emacs 26's in-built gnutls.el with TLS 1.3 seems buggy.
cf. https://lists.gnu.org/archive/html/help-gnu-emacs/2019-02/msg00144.html
https://lists.gnu.org/archive/html/emacs-devel/2019-02/msg00393.html
So, adding "-VERS-TLS1.3" to gnutls-algorithm-priority might
prevent the problem.
(setq gnutls-verify-error t)
(setq gnutls-min-prime-bits 1024)
(setq gnutls-algorithm-priority "SECURE128:-VERS-SSL3.0:-VERS-TLS1.3")
For Wanderlust (>= 2018-03-31), to use tls.el instead of gnutls.el
anyway, set elmo-network-use-gnutls to nil.
(setq elmo-network-use-gnutls nil)
(setq tls-checktrust t)
(setq tls-program '("gnutls-cli --x509cafile
/etc/ssl/certs/ca-certificates.crt --priority SECURE128:-VERS-SSL3.0 -p %p %h"))
Thanks,
--
Tatsuya Kinoshita
