http-client-tls test failure

[bergmark]

Perhaps because of the new version of tls?

Building http-client-tls-0.2.4...
Preprocessing library http-client-tls-0.2.4...
[1 of 1] Compiling Network.HTTP.Client.TLS ( Network/HTTP/Client/TLS.hs, dist/build/Network/HTTP/Client/TLS.o )
In-place registering http-client-tls-0.2.4...
Preprocessing test suite 'spec' for http-client-tls-0.2.4...
[1 of 1] Compiling Main             ( test/Spec.hs, dist/build/spec/spec-tmp/Main.o )
Linking dist/build/spec/spec ...
> /tmp/stackage-build8/http-client-tls-0.2.4$ dist/build/spec/spec

make a TLS connection FAILED [1]

Failures:

  test/Spec.hs:10:
  1) make a TLS connection
       uncaught exception: HttpException (TlsExceptionHostPort (HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,BadRecordMac)]" " expected: change cipher")) "httpbin.org" 443)

[snoyberg]

Pinging @vincenthz

[creichert]

This issue was fixed here: haskell-tls/hs-tls#124

I would consider this somewhat serious as I had multiple clients & servers deployed with this issue from a stackage snapshot which were practically unusable under load. Now I'm using:

extra-deps:
  # Pin tls version to fix BadRecordMac exceptions in http-client-tls
  # https://github.com/vincenthz/hs-tls/issues/124
  - tls-1.3.5
  - cryptonite-0.15

[snoyberg]

This shouldn't be showing up in recent builds though, since Stackage has already moved over to a recent tls release.

[creichert]

What stackage snapshot is being used when the above fails? http-client-tls-0.2.0.4 has been in several versions of stackage yet the tls package was upgraded to a "fixed" vesion in lts-5.14.

[bergmark]

this is while building a new nightly, with tls-1.3.6

[vincenthz]

looks like a bug in SHA384 based ciphers which got defined while investigating haskell-tls/hs-tls#139 which made tls 1.3.6; I've disabled them now, and uploaded tls 1.3.7

[bergmark]

LTS 5.16 made it out with http-client-tls-0.2.4 + tls-1.3.7 so this is fixed, thanks!