[opam-devel] Problem with ocaml.janestreet.com TLS cert?
Richard Mortier
richard.mortier at cl.cam.ac.uk
Sat Apr 18 16:32:03 BST 2015
Hi;
I seem to be having a problem with the Jane Street TLS cert for
ocaml.janestreet.com. OPAM is refusing to install sexplib etc as a
result. I presume this is a curl TLS issue and I need a magic
environment variable or something, but can't find it. Any ideas?
This is on OSX using homebrew curl and OPAM 1.2.0.
"""
...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01
--:--:-- 0curl: (56) SSLRead() return error -9841
000
[ERROR] https://ocaml.janestreet.com/ocaml-core/112.24/files/sexplib-112.24.01.tar.gz
is not available
[ERROR] Could not download archives of sexplib.112.24.01
'opam upgrade --verbose sexplib' failed.
""""
FWIW, visiting the site, Chrome complains:
"The identity of this website has been verified by VeriSign Class 3
Secure Server CA - G3 but does not have public audit records.
The site is using outdated security settings that may prevent future
versions of Chrome from being able to safely access it."
and
"Your connection to ocaml.janestreet.com is encrypted with obsolete
cryptography.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and
uses RSA as the key exchange mechanism."
--
Richard Mortier
richard.mortier at cl.cam.ac.uk
More information about the opam-devel
mailing list