STM32CubeIDE for Visual Studio Code - Failed to download bundle repository index.

thiago-pontes · ‎2026-03-24

Hi, I am experiencing a bug in the latest version of the Extension for VS Code. As soon as I open the extension I receive this message:
"Unable to contact the STM32Cube registry, verify your Internet connection..."

If I run "cube bundle list-online" in the terminal I get this:

cube bundle list-online

Download attempt 2 out of 5 for https://developer.st.com/bundles/BundleRepositoryIndex.json ...

Download attempt 3 out of 5 for https://developer.st.com/bundles/BundleRepositoryIndex.json ...

Download attempt 4 out of 5 for https://developer.st.com/bundles/BundleRepositoryIndex.json ...

Download attempt 5 out of 5 for https://developer.st.com/bundles/BundleRepositoryIndex.json ...
Failed to list available online bundles: Failed to download bundle repository index: Failed to send request: error sending request for url (https://developer.st.com/bundles/BundleRepositoryIndex.json)

But if I install the STM32Cube Core - Version 1.1.0, everything works fine:

cube bundle list-online
    Name                                   : Platform             Version
    ---------------------------------------------------------------------
    adoptium-jre                           : x86_64-windows       ["21.0.8+9.st.2", "17.0.16+8.st.1", "17.0.15+6.st.1", "17.0.14+7.st.6", "17.0.14+7.st.5"]
    cmake                                  : x86_64-windows       ["4.2.3+st.1", "4.0.1+st.3"]
    cube-cmsis-scanner                     : x86_64-windows       ["2.4.2", "2.2.1", "1.1.3", "1.1.0", "1.0.1"]
    cube-code-doc                          : all                  ["0.0.7+st.2", "0.0.6+st.2", "0.0.5+st.1", "0.0.3+st.1", "0.0.2+st.1"]
    cube-code-manifest                     : x86_64-windows       ["1.1.3+st.1", "1.0.9+st.2", "1.0.6+st.1", "1.0.3+st.1", "1.0.1+st.1", "1.0.0+st.1"]
    cube-wrapper                           : x86_64-windows       ["0.10.2", "0.8.3", "0.7.3"]
    gnu-gdb-for-stm32                      : x86_64-windows       ["14.3.1+st.2", "13.3.1+st.10", "13.3.1+st.9"]
    gnu-tools-for-stm32                    : x86_64-windows       ["14.3.1+st.2", "13.3.1+st.9", "13.3.1+st.8"]
    gnu-tools-for-stm32-13_3_1-description : all                  ["1.0.1+st.1", "1.0.0+st.1"]
    gnu-tools-for-stm32-14_3_1-description : all                  ["1.0.1+st.2", "1.0.1+st.1"]
    ide-project-converter                  : all                  ["1.0.0"]
    jlink-gdbserver                        : x86_64-windows       ["9.14.1+st.1", "8.80.0+st.1", "8.38.0+st.1", "8.12.3+st.3"]
    ninja                                  : x86_64-windows       ["1.13.2+st.1", "1.13.1+st.1", "1.12.1+st.9"]
    node                                   : x86_64-windows       ["22.22.0+st.1", "20.19.4+st.1", "20.18.3+st.3"]
    osgi-exporter                          : all                  ["0.0.4"]
    pack-manager                           : all                  ["0.5.3", "0.3.12", "0.3.8", "0.3.7"]
    pack-manager-snapshot                  : all                  ["2026.2.27", "2025.11.6", "2025.8.6", "2025.6.19", "2025.4.24"]
    programmer                             : x86_64-windows       ["2.22.0+st.1", "2.21.0", "2.20.0", "2.19.0+st.1"]
    project_extractor                      : x86_64-windows       ["1.2.0"]
    rtos-proxy                             : x86_64-windows       ["0.18.1+st.3", "0.17.0+st.3"]
    st-arm-clang                           : x86_64-windows       ["21.1.1+st.6", "19.1.6+st.10", "19.1.6+st.9", "19.1.6+st.8"]
    st-arm-clang-19_1_6-description        : all                  ["0.0.5+st.1", "0.0.4+st.1"]
    st-arm-clang-21_1_1-description        : all                  ["1.0.1+st.1"]
    st-arm-clang-hybrid                    : all                  ["21.1.1+st.2", "19.1.6+st.3", "19.1.6+st.2"]
    st-arm-clang-hybrid-19_1_6-description : all                  ["0.0.6+st.1", "0.0.5+st.1"]
    st-arm-clang-hybrid-21_1_1-description : all                  ["1.0.0+st.1"]
    st-arm-clangd                          : x86_64-windows       ["21.1.0+st.2", "19.1.2+st.3"]
    stlink-gdbserver                       : x86_64-windows       ["7.13.0+st.3", "7.12.0+st.2", "7.11.0+st.1", "7.10.0+st.3"]
    stlink-server                          : x86_64-windows       ["2.1.1+st.8", "2.1.1+st.7"]
    stlink-upgrader                        : x86_64-windows       ["3.17.10+st.1", "3.16.9+st.4", "3.16.8+st.3"]
    stlink-usb-driver                      : x86_64-windows       ["2.1.2+st.5"]

Is there any breaking changes from 1.1.0 to 1.2.0?
Best regards

thiago-pontes · ‎2026-03-25

Ok, using with curl.exe in verbose mode:

PS C:\Users\thiag\Desktop> curl.exe -v https://developer.st.com/bundles/BundleRepositoryIndex.json
* Host developer.st.com:443 was resolved.
* IPv6: (none)
* IPv4: 2.18.20.135, 2.18.20.133
*   Trying 2.18.20.135:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

Updated to show the output inside WSL:

thiago@PC-Thiago:~$ curl -o teste.json -v https://developer.st.com/bundles/BundleRepositoryIndex.json
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host developer.st.com:443 was resolved.
* IPv6: 2600:1419:6a00:16::5f64:9cb2, 2600:1419:6a00:16::5f64:9cac
* IPv4: 2.18.20.135, 2.18.20.133
*   Trying 2.18.20.135:443...
* Connected to developer.st.com (2.18.20.135) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [29 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2736 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=www.st.com
*  start date: Mar  5 08:31:22 2026 GMT
*  expire date: Jun  3 08:31:21 2026 GMT
*  subjectAltName: host "developer.st.com" matched cert's "developer.st.com"
*  issuer: C=US; O=Let's Encrypt; CN=R12
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
} [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://developer.st.com/bundles/BundleRepositoryIndex.json
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: developer.st.com]
* [HTTP/2] [1] [:path: /bundles/BundleRepositoryIndex.json]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /bundles/BundleRepositoryIndex.json HTTP/2
> Host: developer.st.com
> User-Agent: curl/8.5.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [281 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [281 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200
< content-type: application/octet-stream
< content-length: 292127
< last-modified: Mon, 09 Mar 2026 09:15:15 GMT
< etag: "129bc601f43f9165786553f95035bb5f"
< x-amz-server-side-encryption: AES256
< x-amz-meta-md5: 129bc601f43f9165786553f95035bb5f
< x-amz-meta-sha256: b5567d3ce696a650884688e8a5dfc0b38761f16afeb73f3241216d459e6a1a89
< x-amz-meta-sha1: 9923faf6d929aa5c0c9d75e68e0626f5d78d3ff7
< x-amz-version-id: kQ8YnexFRmQOWXUQH8LCMHV97wSL8cmQ
< accept-ranges: bytes
< x-amz-cf-pop: JFK52-P7
< x-amz-cf-id: OkPfkgyM7pezZyN-hL6IxEJcfLsieXJ1pPfUKi6t6fHszQ64TENyMQ==
< cache-control: max-age=5390
< date: Wed, 25 Mar 2026 13:27:24 GMT
< server-timing: cdn-cache; desc=HIT
< server-timing: edge; dur=1
< akamai-request-bc: [a=2.20.132.69,b=1984780358,c=g,n=BR_SP_SAOPAULO,o=20940]
< akamai-grn: 0.45841402.1774445244.764d5846
< set-cookie: _abck=C327320371416D54CD2DDFFD83365C11~-1~YAAQRYQUAvgAhvycAQAAe7EtJQ/7jPsqKNf3vu32uug84tS93O7s1cZe0cYbZnlpUwwOoe0uIV41aXC2S1wQ4SufGMpgRSqXLSyDF5zoX8JaagkkLzDGapod8uLkFxdwfI8Bbgr2KNKYUxOk7iJBGmS9poHf14UCqEr7o4ogNg/YqAWOFCppUDgFnUfKqeNgRxtl+fmwajUDL59h7a11cv8/U3rEnAF9alw4VgUWGEXbuSN3F0uvenBhnjnCL/fqnbyUJLvwfv6AedEO0HELCD1cfn6HviJvay4DmUR0sFgKZqSC3l6ygA+Q7bcyu6XlRqfVH7cn4zfSY15FDJhd11Cwhjv9wHJmPJ4gzaTiyQIRspXIi8soaX1XzMs3ErfAAOMUih0HciFQG089dw3BYIo5ZAQROWo+HNjuiCfKgBZAgby65mzU7Ay/bTFAoZ2D5A==~-1~-1~-1~-1~-1; Domain=.st.com; Path=/; Expires=Thu, 25 Mar 2027 13:27:24 GMT; Max-Age=31536000; Secure
< set-cookie: bm_sz=9C3977C6AB45A370908A589E2B544C50~YAAQRYQUAvkAhvycAQAAe7EtJR8pwyDxx1z3PTv+zejqRPq//XeqZdNSCIw1ZwtYIbuuWspTE/Dvu88KW/7BdRmOxWkn6w8MJnWfNr5m753epv07HTK+N4ePeISgck2m81ggiEPKl8CZ/d++z3yooe1Zte6um3AnapLoNzEUUkSsJbdYoPKsUcVUiY+frhBTWJjEQpztBf0gakI+S3nyywcRV/C3PqjTckkyg0rZ3R2v3yaHN+/KhNWttGzeOzqJViOjg7gs55kaGgARjZFTO9s1yL1CdlJJ1B05Mc/ByAxt8UNU6rmnkzwzJX1p44LNny8fuZDv2J7LYEFD+Grv9ED2kZFNgDJMP6B8MgwD8oHs0H+3FS4=~4408387~3294521; Domain=.st.com; Path=/; Expires=Wed, 25 Mar 2026 17:27:24 GMT; Max-Age=14400
< server-timing: ak_p; desc="1774445244744_34899013_1984780358_39_7690_16_42_15";dur=1
<
{ [1 bytes data]
100  285k  100  285k    0     0  1306k      0 --:--:-- --:--:-- --:--:-- 1308k
* Connection #0 to host developer.st.com left intact

Julien D · ‎2026-03-25

So I suppose that the cube bundle list-online command would work in WSL2. If you're interested to give it a try you can install the cube command in your WSL with:

curl -s https://developer.st.com/bundles/install/install.sh | bash –

Then we need to check few things internally because, yes, there were some changes around the TLS library between the 2 versions.

That's being said it only impacts you since as per of today we didn't received other complains about, means maybe somethings to check with your computer setup.

Out of curiosity, are you able to try on other computers from your company and/or a personal computer?

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

thiago-pontes · ‎2026-03-25

So I have some tests to report and I found a work around.

Inside WSL, everything works;
I tried in another windows machine, it also worked but there is a catch -
Working machine info:

PS C:\Users\ThiagoFerreiraPontes> curl.exe -v https://developer.st.com/bundles/BundleRepositoryIndex.json -o teste.json
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host developer.st.com:443 was resolved.
* IPv6: (none)
* IPv4: 2.16.169.8, 2.16.169.15
*   Trying 2.16.169.8:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* ALPN: server accepted http/1.1
* Connected to developer.st.com (2.16.169.8) port 443
* using HTTP/1.x
> GET /bundles/BundleRepositoryIndex.json HTTP/1.1
> Host: developer.st.com
> User-Agent: curl/8.13.0
> Accept: */*
>
* Request completely sent off
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 292127
< Last-Modified: Mon, 09 Mar 2026 09:15:15 GMT
< ETag: "129bc601f43f9165786553f95035bb5f"
< x-amz-server-side-encryption: AES256
< x-amz-meta-md5: 129bc601f43f9165786553f95035bb5f
< x-amz-meta-sha256: b5567d3ce696a650884688e8a5dfc0b38761f16afeb73f3241216d459e6a1a89
< x-amz-meta-sha1: 9923faf6d929aa5c0c9d75e68e0626f5d78d3ff7
< x-amz-version-id: kQ8YnexFRmQOWXUQH8LCMHV97wSL8cmQ
< Accept-Ranges: bytes
< X-Amz-Cf-Pop: JFK52-P7
< X-Amz-Cf-Id: OkPfkgyM7pezZyN-hL6IxEJcfLsieXJ1pPfUKi6t6fHszQ64TENyMQ==
< Cache-Control: max-age=1125
< Date: Thu, 26 Mar 2026 00:50:36 GMT
< Connection: keep-alive
< Server-Timing: cdn-cache; desc=HIT
< Server-Timing: edge; dur=181
< Server-Timing: origin; dur=0
< Akamai-Request-BC: [a=2.17.42.136,b=2419588264,c=g,n=BR_SP_SAOPAULO,o=20940]
< Akamai-GRN: 0.882a1102.1774486236.9037fca8
< Set-Cookie: _abck=81DDC647468A05C00BEC0F148731AA40~-1~YAAQiCoRAiQROBidAQAA9S6fJw/HLv9QsxI1NOyKAji7W43PYttQTDRp+hqJIqP+Do0WLHWYojR4DcXqP3KJRrxlvJqUjHGJ0ZyEsdip+ZTuZUyF02MKZ26Ss+YVvTYaHOysRytDkTjvuB5NdZG4ElELkfQb7DSn+fgk6W4sgCT5lwQfk09iKH/1JgI8Qa8ljFgiHNpmY2SBvlDuGLY0aj9tHyNgzVtMazPJKyiDeGoEQ5ueIrdM8bkNiQ0Cuw8qoT2OPEJBXu8ECaYAKGGDv68RZQtFaeXuE3i/GPYs1LvDUNFu9PB1xn38QBwnARPkBq0tjXPU0lwkG2cXOavpbUM7hloQk6pyUbsuIC1Ho+7fIFWVZgAT4fbT0coBgcw+QdGIRx7Pd7JuXrB2d1kCf3TpF0J6RwH/ZHN6yZ4Rzuj3R3NZQ0SlruJ7qWBbPttGWQ==~-1~-1~-1~-1~-1; Domain=.st.com; Path=/; Expires=Fri, 26 Mar 2027 00:50:36 GMT; Max-Age=31536000; Secure
< Set-Cookie: bm_sz=AD6280B049C7A99331EDAC448B88E7B0~YAAQiCoRAiUROBidAQAA9S6fJx9LyEyAw8Cw1dg5zLSn3zDi6TPnCdlWIeS3Os/JFH0fCmFGVVYQQ6vaNYi+iQhqEcltaiWjKX6rg9RyJvYVPwv9Soigwfnmo5/QhK3Fxct9bmziirf1JNeWTyOCoD09GgNXQiwlLadZOGKJAen2Nr6iAust3aUbIsT0kFFd0zlYzi2rI++oMJWSSI0k6EYdEP6erPtVDfsGnNUfEMKjAD/Db9t73ZQN1hV9VaMLpZ/ic5AjpMILTMvIdalUcNFWpprJySLIcu4OV9G69eMEPL20/oOzVH1cQr7VdI2cgqdEjToPmWlcMrq6mulZA5I+8US5l8IRRmfQBg==~4404279~4470580; Domain=.st.com; Path=/; Expires=Thu, 26 Mar 2026 04:50:36 GMT; Max-Age=14400
< Server-Timing: ak_p; desc="1774486236572_34679432_2419588264_18037_10830_73_152_-";dur=1
<
{ [14295 bytes data]
100  285k  100  285k    0     0   163k      0  0:00:01  0:00:01 --:--:--  164k
* Connection #0 to host developer.st.com left intact

_________________________________________

Edition	Windows 11 Pro
Version	24H2
Installed on	<u+200e>27/<u+200e>11/<u+200e>2024
OS build	26100.4652
Experience	Windows Feature Experience Pack 1000.26100.128.0

Non working machine info (Forcing the use of TLS 1.2): 163k 0 0:00:0

PS C:\Users\thiagne info (Forcing the >gt;:\Users\thiagne in C:\Windows\System3 info (Forcing the us2\curl.exe -v --tlsv1.2 --tls-max 1.2 https://developer.st.com/bundles/BundleRepositoryIndex.json -o teste.json

  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current

                                 Dload  Upload  Total   Spent   Left   Speed

  0      0   0      0   0      0      0      0                              0* Host developer.st.com:443 was resolved.

* IPv6: (none)

* IPv4: 2.18.20.133, 2.18.20.135

*   Trying 2.18.20.133:443...

* schannel: disabled automatic use of client certificate

* ALPN: curl offers http/1.1

* ALPN: server accepted http/1.1

* Established connection to developer.st.com (2.18.20.133 port 443) from 192.168.68.118 port 55956

* using HTTP/1.x

> GET /bundles/BundleRepositoryIndex.json HTTP/1.1

> Host: developer.st.com

> User-Agent: curl/8.18.0

> Accept: */*

>

* Request completely sent off

< HTTP/1.1 200 OK

< Content-Type: application/octet-stream

< Content-Length: 292127

< Last-Modified: Mon, 09 Mar 2026 09:15:15 GMT

< ETag: "129bc601f43f9165786553f95035bb5f"

< x-amz-server-side-encryption: AES256

< x-amz-meta-md5: 129bc601f43f9165786553f95035bb5f

< x-amz-meta-sha256: b5567d3ce696a650884688e8a5dfc0b38761f16afeb73f3241216d459e6a1a89

< x-amz-meta-sha1: 9923faf6d929aa5c0c9d75e68e0626f5d78d3ff7

< x-amz-version-id: kQ8YnexFRmQOWXUQH8LCMHV97wSL8cmQ

< Accept-Ranges: bytes

< X-Amz-Cf-Pop: JFK52-P7

< X-Amz-Cf-Id: OkPfkgyM7pezZyN-hL6IxEJcfLsieXJ1pPfUKi6t6fHszQ64TENyMQ==

< Cache-Control: max-age=3036

< Date: Thu, 26 Mar 2026 00:18:45 GMT

< Connection: keep-alive

< Server-Timing: cdn-cache; desc=HIT

< Server-Timing: edge; dur=119

< Akamai-Request-BC: [a=2.20.132.69,b=2133719066,c=g,n=BR_SP_SAOPAULO,o=20940]

< Akamai-GRN: 0.45841402.1774484325.7f2df81a

< Set-Cookie: _abck=AE67DCC2F686871124125BA709F2016B~-1~YAAQRYQUArDHuvycAQAAiQOCJw8XaAMj51MF3VlOsRq/ZLv9GIMP8MeqLRVcjYZBV0fHlYdFCmLYUIyI20EbejfmdfL9l4cNBevk/MjxKSDt4m//sdBDdyINXvV1tseCiMPhQOMiL2CJokTfckIrSoD4038dU+Xq78Jj2NPelGW4xFpoaWtoDrq2CDJJt4EAnmCmS9vE9lKe+0h0yDaQv7Bpn21omgJtDt5LobncBh858tnxX66CJaOPPuiZ0iusq36iHLfvditTinikAcegHL3exVEJMimn3LiVCZDaFJwTny2ilcYYFAHON0Yc/lQlDYuVeV2qr15epT7sL4rKcFPmmCYJIoZKKL4WLD2fnBBuX50zBtY3ZCf4CE9pIyqI2Oc7BPBwvhXyWMiZwJtOlfUliyM1JwaUnz/y0OumfJqP8TXxsVlNC2eK9QnQ1lXyZQ==~-1~-1~-1~-1~-1; Domain=.st.com; Path=/; Expires=Fri, 26 Mar 2027 00:18:45 GMT; Max-Age=31536000; Secure

< Set-Cookie: bm_sz=F8BFAE371914D1065B752D654FDE433E~YAAQRYQUArHHuvycAQAAiQOCJx+eIbaedcwDbT3kGRune5YhDOrJqmcHAynwCTJJ3rlBoqbiuI+8uVE4n7VHhnZqBvHD+vsmcsJKB+BIpuC6kSjj+ud4DEI63c8idrxm7IFwIB5pKx8Z2/GkaC07ysijwy54/BTrhfu8OrstPjZD2OZZ2ZBgyyxlkyrPBGwLoKBs8riXogf9gdTLrAfOf4NgekU4Z+KAEiVnVoYBHyWoAvaUxNg19lq9MnH54OySwNNbTDrKfe3NjBN4lCLRIAAo7wCOp0EVyuZiP2caux7J/skR1jA7xcR+EzrdG9fmUB36W3aOWRgEbsePNFF9esSZjs0V+xtGlmpM6hI=~3486517~4470832; Domain=.st.com; Path=/; Expires=Thu, 26 Mar 2026 04:18:45 GMT; Max-Age=14400

< Server-Timing: ak_p; desc="1774484325056_34899013_2133719066_11858_22958_20_29_-";dur=1

<

{ [14326 bytes data]

100 285.2k 100 285.2k   0      0 586.5k      0                              0

* Connection #0 to host developer.st.com:443 left intact


__________________________________________

Edition	Windows 11 Pro
Version	24H2
Installed on	<u+200e>06/<u+200e>11/<u+200e>2024
OS build	26100.8039
Experience	Windows Feature Experience Pack 1000.26100.300.0

So the machine that worked right away uses an older curl version and a older windows patch, and I can see that it uses TLS1.2 by default, so I tried to force the use of TLS1.2 in the non working computer and it worked (as shown above). So my work around was to disable TLS1.3 in the whole system, after that the latest version of the STM32Cube Core works like a clock.
Also I am in the process of updating the other machine (it will take a while because it was powered off for half a year) and I have a feeling that it will stop working as soon as it is updated. When I get the results I will make another post here.

Just one more thing that crossed my mind is this: the computer that I use for normal development do not quite meet the requirements for running Windows 11 (it fails because of the processor version - Intel(R) Core(TM) i7-7500U, everything else meets the requirements). If the other PC keeps working after being updated, this will be the only relevant difference between the two machines.

Julien D · ‎2026-03-26

@thiago-pontes wrote:
So my work around was to disable TLS1.3 in the whole system

Good catch! Thanks for sharing this to the community!

Could you explain how you achieve this? If other developers face the same issue. Via the Windows registry or something else?

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

thiago-pontes · ‎2026-03-26

I disabled it via the Windows registry:

This path:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

Julien D · ‎2026-03-26

For the record, an internal ticket has been created as a follow-up to this issue.

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Thibault_B · ‎2026-04-27

Hi @thiago-pontes

We have tested different use case, using previous version of `cube-wrapper@0.8.3` and the newer one `cube-wrapper@0.10.2` which is the underlying bundle responsible for the issue you are encountering when issuing the following command

cube bundle list-online

.

We have tested on following platform: Windows 11 Pro 25H2, Windows 11 Pro 24H2, Linux and WSL2.

Both behind proxy and without proxy. We didn't encounter any issue when issuing the same command as you.

Although we noted that either Windows 11 Pro 25H2, Windows 11 Pro 24H2 is by default using TLS v1.2 on previous cube-wrapper version:

cube-wrapper 0.8.3 -> TLS 1.2

cube-wrapper 0.10.2 -> TLS 1.3

Linux & WSL2:

cube-wrapper 0.8.3 -> TLS 1.3

cube-wrapper 0.10.2 -> TLS 1.3

Dependencies that we are using have been updated and this is why that Windows now uses TLS v1.3.

We could reproduce the issue you had when enforcing TLS version to 1.0 or 1.1.

It seems the issue would probably come from you network settings / proxy blocking you or enforcing a TLS version older than v1.2.

Pavel A. · ‎2026-04-27

Additionally please check Windows event log for anything related to TLS failure.

There are few things that may prevent TLS 1.3 from working even if enabled in registry. One of them is FIPS mode enabled in the policy. 3rd party software also can cause this, if it spies (aka does "HTTPS inspection") on TLS 1.2, but cannot crack 1.3 yet. Since you get some invalid TLS response, this looks more likely.

thiago-pontes · ‎2026-04-29

Thanks, for the follow-up! I ended up having to reinstall Windows 11 and the problem was gone. Probably it was caused by an internal network setting, or 3rd party software as pointed by @Pavel A.
Thank you all for helping me investigating this!

Best regards,