Re: eww + w3m / GnuTLS TLSv1 support ?

[Herbert J. Skuhra]

On Mon, 14 Feb 2022 13:34:04 +0100, Jason Vas Dias wrote:
> 
> Thanks, Eli -
> 
>   I did try setting :
> 
>   (set-variable gnutls-algorithm-priority
>    "LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0"
>   )
>   (set-variable my-tls-stream (open-gnutls-stream "tls" "tls-buffer"
> "192.168.1.1" "https")
>   )
> 
>  but still no joy :
> 
> gnutls.el: (err=[-50] The request is invalid.) boot: (:priority
> LEGACY:VERS-TLS1.3:VERS-TLS1.2:VERS-TLS1.1:VERS-TLS1.0 :hostname
> 192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles
> (/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) :crlfiles nil
> :keylist nil :verify-flags nil :verify-error nil :callbacks nil)
> gnutls-negotiate: GnuTLS error: #<process tls>, -50
> 
>   On browsers, once I have got one to accept trying to use
>   TLSv1.0 , which ATM stiil seems not to be possible,
>   the next thing is I have to add the router's self-signed
>   certificate to the browser's trust store, usually through some
>   Advanced -> Add Security Exception "Site Security Exception List" -
>   is there such a list for GnuTLS ? Or a way of specifying the
>   equivalent of curls' '-k': 'do not validate certificate trust chain' option 
> ?

What operating system and version do you use? What Emacs and GnuTLS
version?

I cannot reproduce any of your issues. Here gnutls-algorithm-priority
is nil (default) and when I try to connect to my Snom phone with eww
the Network Security Manager shows a warning and prompts me to confirm
the low security connection. 

And in Firefox I only had to set
security.tls.version.enable-deprecated to true. Maybe try to get an
offical binary from: https://ftp.mozilla.org/pub/firefox/releases/

--
Herbert