cargo: Windows 7 users broken by recent GitHub change
Issue was originally discovered in an unrelated issue: https://github.com/rust-lang/cargo/issues/5065
Due to a recent change on GitHub, TLS 1.0 and 1.1 are no longer supported: https://github.com/blog/2507-weak-cryptographic-standards-removed
Unfortunately Windows 7 WinHTTP by default only uses up to TLS 1.0, and because Cargo uses libgit2 which uses WinHTTP, this renders cargo effectively broken whenever it tries to fetch any git repo including the crates.io index.
PS [00:51:51] C:\Users\Arnavion\Desktop> cargo install https://github.com/alexcrichton/wasm-gc
Updating registry `https://github.com/rust-lang/crates.io-index`
warning: spurious network error (2 tries remaining): unknown certificate check failure; class=Net (12); code=Certificate (-17)
warning: spurious network error (1 tries remaining): unknown certificate check failure; class=Net (12); code=Certificate (-17)
error: failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
unknown certificate check failure; class=Net (12); code=Certificate (-17)
Fortunately this issue can be fixed by the user by ensuring they have a certain update and also editing their registry appropriately, as described here: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
However users are not going to magically know what the solution is when they run into this problem, so we need to tell them everywhere possible. We need to spread awareness on this issue through the Rust blog, TWiR, Reddit, Twitter, and anywhere else that Rust has a social media presence.
Additionally we need to implement checks in Cargo and Rustup for users that are using Windows 7 and don’t have the fix applied, telling the user very LOUDLY that they need to apply that fix, along with providing detailed instructions on how to fix it.
About this issue
- State: closed
- Created 6 years ago
- Reactions: 48
- Comments: 37 (16 by maintainers)
Commits related to this issue
- Warn Windows 7 users about old TLS An eyepatch for https://github.com/rust-lang/cargo/issues/5066. — committed to matklad/cargo by matklad 6 years ago
- Auto merge of #5069 - matklad:win7-y-u-no-tls, r=alexcrichton Warn Windows 7 users about old TLS An eyepatch for https://github.com/rust-lang/cargo/issues/5066. @retep998 what would the best way to... — committed to rust-lang/cargo by bors 6 years ago
- Update Cargo with a Windows 7 warning More info at rust-lang/cargo#5066 — committed to Mark-Simulacrum/rust by alexcrichton 6 years ago
- Update git2 to 0.7.0 cc #5066 — committed to alexcrichton/cargo by alexcrichton 6 years ago
- Auto merge of #5091 - alexcrichton:update-git2, r=matklad Update git2 to 0.7.0 cc #5066 — committed to rust-lang/cargo by bors 6 years ago
- Auto merge of #5097 - matklad:end-of-tls-saga-hopefully, r=alexcrichton Revert "Warn Windows 7 users about old TLS" We now have upgraded libgit2 version, so Cargo would use TLS 1.2 on windows uncond... — committed to rust-lang/cargo by bors 6 years ago
What about users who do not have admin rights?
How easy is it to check the error type and try to see if a failure is due to this issue? If it’s easy enough to detect we could even emit a helpful error message with a link to the relevant resources.
Downloading KB3140245 and setting DefaultSecureProtocols seemed to help in my case.
For others to emulate, my registry keys (created in each of the two directories) have the following values:
Name = DefaultSecureProtocols
Type = REG_DWORD
Data = 0x00000800 (2048)
@driden Same here. The proposed solution does not solve the problem for me (on my work laptop with Win 7 Enterprise 64-bit SP1).
I actually reinstalled rust from scratch today on my work laptop (usually I use my Windows 10 desktop at home for rust projects). My work laptop had rust 1.5 from December 2015, so I wanted to update to the latest version of rust today. To update, I had to reinstall rust from scratch (due to conflict with old rust and the new rustup). With the latest install, I should have the latest version of Cargo (mine says 0.24.0).
After I ran into the certificate issue with cargo, I first implemented the “easy fix” in the download first and rebooted–no fix. I then went and manually changed the two registry keys created from the fix (DefaultSecureProtocols; REG_DWORD; 0x00000A00) to only support TLS 1.2 (DefaultSecureProtocols; REG_DWORD; 0x00000800) instead of the combo of 1.1 and 1.2–and rebooted–no fix.
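How the two DefaultSecureProtocols values quoted in this thread (0x00000A00 and 0x00000800) decode, and the kind of check a tool could run on them. This is an added example, not code from Cargo, rustup or any commenter. The bit values are the WinHTTP secure-protocol flags; the function names, the `Status` type and the sample values are assumptions made for illustration, and reading the registry itself is left out, so the functions take values that were already read (`None` means the value is absent).

```rust
// Added example: decode the WinHTTP DefaultSecureProtocols DWORD.
// Bit values are the WINHTTP_FLAG_SECURE_PROTOCOL_* flags; all names here are hypothetical.
const SSL2: u32 = 0x0000_0008;
const SSL3: u32 = 0x0000_0020;
const TLS1_0: u32 = 0x0000_0080;
const TLS1_1: u32 = 0x0000_0200;
const TLS1_2: u32 = 0x0000_0800;

const FLAGS: [(u32, &str); 5] = [
    (SSL2, "SSL 2.0"), (SSL3, "SSL 3.0"), (TLS1_0, "TLS 1.0"),
    (TLS1_1, "TLS 1.1"), (TLS1_2, "TLS 1.2"),
];

/// Names of the protocols switched on by one DefaultSecureProtocols value.
fn enabled_protocols(mask: u32) -> Vec<&'static str> {
    FLAGS.iter().filter(|(bit, _)| (mask & bit) != 0).map(|(_, name)| *name).collect()
}

#[derive(Debug, PartialEq)]
enum Status { Tls12Enabled, Tls12Missing, NotSet }

/// Classify the value read from one registry location (None = value absent).
fn status(value: Option<u32>) -> Status {
    match value {
        None => Status::NotSet, // WinHTTP keeps its Windows 7 default, which stops at TLS 1.0
        Some(m) if (m & TLS1_2) != 0 => Status::Tls12Enabled,
        Some(_) => Status::Tls12Missing,
    }
}

/// Should a Windows 7 user be warned? Following the thread, a 64-bit OS must
/// have the value in both locations (native view and 32-bit view).
/// The value alone is not sufficient: the update must be installed as well,
/// which this check cannot see.
fn needs_warning(native: Option<u32>, wow64: Option<u32>, is_64bit: bool) -> bool {
    status(native) != Status::Tls12Enabled
        || (is_64bit && status(wow64) != Status::Tls12Enabled)
}

fn main() {
    // Constructed sample values: the two from the thread, a TLS 1.0-only mask, and "absent".
    for v in [Some(0x0000_0A00u32), Some(0x0000_0800), Some(0x0000_0080), None] {
        let names = v.map(enabled_protocols).unwrap_or_default();
        println!("{:?} -> {:?} {:?}", v, status(v), names);
    }
    // Value set in only one of the two locations on a 64-bit OS: still warn.
    println!("warn: {}", needs_warning(Some(0x800), None, true));
}
```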
Fix confirmed on my Windows 7 by installing the update and manually entering the registry keys!
For those unfamiliar with Windows or the registry editor - here’s how it should look if you did it right! (But don’t forget to do it at the two specified locations if you have a 64-bit OS).
(nevermind the French GUI)
@sfackler You are right. Somehow missed that download link twice, damn! Method 2 (implemented correctly 😄 ) works for me. I just did a successful update of registry ‘https://github.com/rust-lang/crates.io-index’. Thanks all!
@nairware It provides two ways to install the update, and then two ways to update the registry. You have to both install the update and update the registry.
I’ve done the update, checked the registry manually and still fails when trying to fetch the registry with the same error. It’s a bummer, was trying to set up my rust env here @work since I don’t have that much on my plate atm.
Mea culpa - I spent most of last week dealing with this issue and thinking about how it affects my day job - Visual Studio / Git for Windows / Git Credential Manager for Windows, etc. I didn’t have any spare cycles to think about how it would affect libgit2, but I should have been able to see this coming. My bad. 🙁
I do think that the Best Solution is still to encourage people to get to the latest updates for their OS and enable TLS 1.2 by default (via the registry key fix), however we are working on a fix for libgit2.
@glmdgrielson Do you have the DefaultSecureProtocols reg key set as described in https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in?
An interesting point is that in order to detect that we are on Windows 7 we have to ask Windows what version it is, but Windows will lie and only report at most the newest version we claim to support in our manifest. Since cargo doesn’t currently ship with a manifest (the Rust team really needs to stop ignoring this Windows specific stuff), this might make things a bit difficult.