From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bradfordwetmore@hotmail.com>
Received: from NAM10-DM6-obe.outbound.protection.outlook.com
 (mail-dm6nam10olkn2044.outbound.protection.outlook.com [40.92.41.44])
 by sourceware.org (Postfix) with ESMTPS id 01BAA385781D
 for <cygwin@cygwin.com>; Sat,  6 Feb 2021 01:00:30 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 01BAA385781D
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QJ67EAaJK/wmG8qj/8ip3P//GQHzwfM6wm0J7zeJG0NM9Yfj+goj+XybyKZwBQansNKWWOCt4nRB9ONmkmcdfV/83bA5iYoGHiwf5A75t6ZLs/PaYVflSeBSWqSPvoucAui2qLEGxZqKvcTTlVLSzOuMMDQEG8QMM521Y3tbJ0O4IYshEyJZ4rOVgi7thwEZrRZKaTmcg7GkZGLYDkFOKeWqvWYIoZskriqHlSxEcduAxEm+IftBOPnytTSSXCJK8CyyE/gF382xWs8oYJIGGOh1t2XwlcaWcWHIAqrt06tfW0dgTCTrIdMLMPfrV0poWbJU7LU1SBfwmqCq+8n+8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=VJo7Zro5jxf9av4O34X6+vP2/ZlMTjhwOvHj9sMyF64=;
 b=Cb8dr6SIK08EniOP/aCv/ilLuBeL0SKav9rXCigLwyTsQaztqgZxHHAub7txW/zjecRpL6Do8id6WLpWSS0gpn5gA6Viud5GB9kiUEG6ZEI2dhf+XICdqkQ0a11rsXLnOSI1oobdN71ptfoORe4qWiXA38eKFcHVaUVOqwCdxrTRATyhneh1CW14XkvHFvb9/iXnAifu0O/KRxOgSlXyBHUhyt9Na6eSdVsT58r7VNjSMynzXDOQCv1PNjXHKaw0lavwYotXCGPTWEbnDTbgb89+BzLfCf4pqmWwZvd2YPxdj63n3gqn42RaN9l6FZZZWxRThFLM00atcMVCFbNGRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
Received: from DM6NAM10FT014.eop-nam10.prod.protection.outlook.com
 (2a01:111:e400:7e86::45) by
 DM6NAM10HT083.eop-nam10.prod.protection.outlook.com (2a01:111:e400:7e86::255)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.11; Sat, 6 Feb
 2021 01:00:28 +0000
Received: from BYAPR07MB5942.namprd07.prod.outlook.com
 (2a01:111:e400:7e86::48) by DM6NAM10FT014.mail.protection.outlook.com
 (2a01:111:e400:7e86::281) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.11 via Frontend
 Transport; Sat, 6 Feb 2021 01:00:28 +0000
Received: from BYAPR07MB5942.namprd07.prod.outlook.com
 ([fe80::443a:b5ef:f1af:e6b4]) by BYAPR07MB5942.namprd07.prod.outlook.com
 ([fe80::443a:b5ef:f1af:e6b4%6]) with mapi id 15.20.3805.027; Sat, 6 Feb 2021
 01:00:28 +0000
From: Brad Wetmore <bradfordwetmore@hotmail.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: TLS version problem downloading mirrors.lst?
Thread-Topic: TLS version problem downloading mirrors.lst?
Thread-Index: AQHW/CM9OQWtZDgBnkuxFieuhT70Xw==
Date: Sat, 6 Feb 2021 01:00:28 +0000
Message-ID: <BYAPR07MB59425A659F71A5C1246B588EB6B19@BYAPR07MB5942.namprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-incomingtopheadermarker: OriginalChecksum:C1E9F86A863DFA35FC61D43A08C6EB7EC597BD3936984E07938E2CBAF03EAAD4;
 UpperCasedChecksum:F060995878260A023259B2AF119FD8B7FC2D0A2BA0643944FA06D02BAD500C1B;
 SizeAsReceived:6862; Count:42
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [KlLl0P0FFg29d6QlmGIRxMMU1ita6afjPey4a3x6768dg9pXpaF3d2F4gt6rD7Xb3d85dfNwWBs=]
x-ms-publictraffictype: Email
x-incomingheadercount: 42
x-eopattributedmessage: 0
x-ms-office365-filtering-correlation-id: e0ab50e0-1fd1-443f-c2ba-08d8ca3a982f
x-ms-traffictypediagnostic: DM6NAM10HT083:
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: yNzj+tidaA/Vuiu7BOz9GF8X9hMzREaofhfugixAEpFbmVGpPrlQ9Ryeqc/TUunSn3gBuJkYgSjjElyVfGa1I1TwrQNkloL6hsWXwy0SD5Di43iDNmJR+xqc7Jpmal8HBSHkyW7RyMRFdcwxAJ/CwAryeHul0v1XPntl3Z1hrSapENMY3PM8GUzIUUMmjqFgkQ3FNbVO2UsKWGAD9WJhMY7SpR69Ao8JC8fbtsFyO3gFCxuD3OuoC2WpIfZAP9FzUeoN0M7HI4gNfStPW70LKdh2c3B1O8wZlkN3ymHUxOK7AzCT+LjZem/jvVzJ0Jo9xRfOJCiTExNDScR7bRzRhZyh+GGo61MXZmhNULxxxWwgg0CMHEc3yEiu8GBnpdSexptCfjeuz3Wi+RX9XQub/qytUKsZLt2kC2j6cL5bxaClCyw66Os2DmY0FWexNf9V
x-ms-exchange-antispam-messagedata: k73FQqBVdeWlOs9Adv1dccU9gY1Na97dBhRPxMO6TBaCaUczElsNjxJ391irTAm7So+6nEyyWrCDCCK5U0qjEH/gypTR36XH+armY7Huh4zVE8UMpBX3kCUSD2vvv7lXTqCW8O6D4m5Tzq1o2KyuQkO75BAzXoIEGmpqCSQ9UPMVxwazNHTGE4G2RVMvNFToEcy3fTeEj7SzDmI8076I0Q==
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-AuthSource: DM6NAM10FT014.eop-nam10.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: e0ab50e0-1fd1-443f-c2ba-08d8ca3a982f
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2021 01:00:28.2516 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6NAM10HT083
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2021 01:00:31 -0000

Hi,

I am trying to install a new instance of cygwin on Windows 2016 Server MSDN=
 instance and am having problems downloading the mirrors list:

    2021/02/05 14:21:39 connection error: 12029 fetching https://cygwin.com=
/mirrors.lst

Using Wireshark and configuration options in Firefox, the root cause appear=
s to be that the setup-x86_64.exe is trying to use TLSv1.0 and SSLv3 to dow=
nload this file, but the download is failing as the response is a fatal TLS=
 alert: invalid protocol (2/70). Many Internet servers have been shutting o=
ff TLSv1.0/SSLv3 in favor of TLSv1.2/1.3 these days, is this a case of that=
? If so, the setup app needs to be updated.

I can specify a specific server URL after the mirrors.lst download fails an=
d can at least get something installed.

Is there any workaround to force setup-x86_64.exe to default to TLSv1.2/1.3=
? Or is this something that the MSDN version of Windows 2016 Server has con=
figured?


More details/symptoms:

I am behind a firewall, but the proxy settings in IE allow me to tunnel out=
. The corresponding "Use System Proxy Settings" in Firefox works fine. But =
when I set the TLS settings in Firefox's "about:config" to use only TLSv1.0=
/SSLv3, I see the same alert being returned to Firefox.

Wireshark reports:

CONNECT cygwin.com:443 HTTP1.0 ->
User-Agent: ...deleted

<- HTTP/1.0 200 Connection established

ClientHello ->
v1.0

<- Fatal Alert: 2/70

Supposedly SCHANNEL has TLSv1.2 on by default, but have no idea how the set=
up app is written.

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ss=
l--schannel-ssp-
https://docs.microsoft.com/en-us/archive/blogs/kaushal/support-for-ssltls-p=
rotocols-on-windows

My previous installs of cygwin aren't having any problems when trying to in=
crementally add software, maybe the mirrors file is cached somewhere?

Thanks for any tips,

Brad