alexxbb
commented
3 years ago Closed alexxbb closed 3 years ago
alexxbb
commented
3 years ago 
dbrgn
commented
3 years ago Could it be that your proxy does not actually support TLS/HTTPS? Does it work if you unset HTTPS_PROXY and set HTTP_PROXY instead?
If not, does your proxy host have a valid HTTPS setup with a non-self-signed certificate?
dbrgn
commented
3 years ago (HTTP Proxies in general should work, see #68. This must be an issue with your proxy server configuration.)
alexxbb
commented
3 years ago Could it be that your proxy does not actually support TLS/HTTPS? Does it work if you unset
HTTPS_PROXYand setHTTP_PROXYinstead?If not, does your proxy host have a valid HTTPS setup with a non-self-signed certificate?
setenv HTTP_PROXY http://proxy.$HOST.com:8080
Doesn't work either. It could be that our proxy is old and/or very strict. Our environment is very isolated, but the infra team said it should just work, because .. curl and wget work...
dbrgn
commented
3 years ago It could also be that the proxy uses old (insecure) versions of SSL, which are not supported anymore by the reqwests library and its TLS stack.
In case you have the openssl binary installed, what does openssl s_client -connect your-proxy:8080 return? For example:
$ openssl s_client -connect github.com:443 2>/dev/null | grep Cipher
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256Note: There was an attempt at making network support optional (https://github.com/dbrgn/tealdeer/pull/72), but it was dropped as nobody seemed to care about it (and it would have added quite some additional maintenance cost).
alexxbb
commented
3 years ago >> openssl s_client -connect github.com:443
socket: Bad file descriptor connect:errno=9
I'm going to close this, because our super isolated environment is probably to secure and(or) outdated that it's not worth spending time on it. I can still download the .tar file manually with wget.
Thank you!