https://bugs.winehq.org/show_bug.cgi?id=46161
Bug ID: 46161 Summary: Wine: Wrong GnuTLS usage? Product: Wine Version: 3.20 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: jaapbuurman@gmail.com Distribution: ---
I am using Wine from WineHQ's official repository to run World of Warcraft. I use the Twitch client to keep my addons updated. On my desktop PC that is running Arch with GnuTLS 3.5.19 this is working fine. However, on my Laptop running Ubuntu 18.10 (Fresh install) with GnuTLS 3.6.4 it is unable to find and sync my addons. When I start the Twitch client from the terminal, the log is being spammed with the following messages:
GnuTLS error: A packet with illegal or unsupported version was received.
Said errors are missing when I do the same to run Twitch on my Arch Desktop PC and it syncs just fine.
I first assumed this was a GnuTLS bug and opened an issue there, but one of the developers recommended to open a bug here since according to him it looked like a Wine bug instead.
Issue tracker at GnuTLS: https://gitlab.com/gnutls/gnutls/issues/621
I quote:
I suspect something is wrong in wine. The application via wine seems to advertise TLS1.3 and TLS1.0, and that confuses the server who selects TLS1.2 (advertising protocols which are not continuous is quite risky, as we see from the server's behavior):
gnutls[2]: Advertizing version 3.4 gnutls[2]: Advertizing version 3.1
My high level understanding of the wine code is that it allows an application to specifically remove some versions of TLS and keep some others, however it is not ready for TLS1.3. That's the reason the application you use ends up advertising TLS1.3 and TLS1.0, although probably the intention was to only have TLS1.0 there. Seeing wine's schan_imp_create_session it did not anticipate a new protocol being added to the list. I suggest opening an issue at the wine issue tracker.
I think they need to either add support for TLS1.3 if schannel has it, or remove all enabled versions using -VERS-ALL before adding one explicitly selected by the application. It is a long shot though, as I do not claim to fully comprehend the code.