search

hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com
Other
26.01k stars 4.42k forks source link

curl/schannel error "SEC_E_ALGORITHM_MISMATCH " getting box from private registry #13365

Open jjolidon opened 3 months ago

jjolidon commented 3 months ago

Hello,

This error occurs with our private vagrant registry, which currently uses TLS 1.3. This could be related to this curl PR in which case the issue would be that curl is outdated.

Sincerely, J.

Debug output

Log

Expected behavior

The box is downloaded

Actual behavior

schannel: next InitializeSecurityContext failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate, because they do not possess a common algorithm.

Reproduction information

Vagrant add for a server running TLS1.3. The registry is protected by a pfx certificate, but I don't think that's relevant. Firefox can connect, the cipher suite is described as TLS_AES_256_GCM_SHA384, 256 bits keys, TLS 1.3, which seems to correspond to current best practices.

Vagrant version

Vagrant 2.4.1

Host operating system

Windows 10 22H2 19045.4046

Guest operating system

Windows 10 (not relevant)

Steps to reproduce

  1. Use vagrant add to connect to a private repository with https over TLS 1.3

Vagrantfile

N/A

wyattoday commented 2 months ago

Windows 10 doesn't support proper TLS 1.3. The PR you linked to says as much. Use Windows 11.