Description
Issue was originally discovered in an unrelated issue: #5065
Due to a recent change on Github, TLS 1.0 and 1.1 are no longer supported: https://github.com/blog/2507-weak-cryptographic-standards-removed
Unfortunately Windows 7 WinHTTP by default only uses up to TLS 1.0, and because Cargo uses libgit2 which uses WinHTTP, this renders cargo effectively broken whenever it tries to fetch any git repo including the crates.io index.
PS [00:51:51] C:\Users\Arnavion\Desktop> cargo install https://github.com/alexcrichton/wasm-gc
Updating registry `https://github.com/rust-lang/crates.io-index`
warning: spurious network error (2 tries remaining): unknown certificate check failure; class=Net (12); code=Certificate (-17)
warning: spurious network error (1 tries remaining): unknown certificate check failure; class=Net (12); code=Certificate (-17)
error: failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
unknown certificate check failure; class=Net (12); code=Certificate (-17)Fortunately this issue can be fixed by the user by ensuring they have a certain update and also editing their registry appropriately, as described here: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
However users are not going to magically know what the solution is when they run into this problem, so we need to tell them everywhere possible. We need to spread awareness on this issue through the Rust blog, TWiR, Reddit, Twitter, and anywhere else that Rust has a social media presence.
Additionally we need to implement checks in Cargo and Rustup for users that are using Windows 7 and don't have the fix applied, telling the user very LOUDLY that they need to apply that fix, along with providing detailed instructions on how to fix it.