[opam-devel] Problem with ocaml.janestreet.com TLS cert?

Richard Mortier richard.mortier at cl.cam.ac.uk
Sat Apr 18 16:32:03 BST 2015


Hi;

I seem to be having a problem with the Jane Street TLS cert for
ocaml.janestreet.com. OPAM is refusing to install sexplib etc as a
result. I presume this is a curl TLS issue and I need a magic
environment variable or something, but can't find it. Any ideas?

This is on OSX using homebrew curl and OPAM 1.2.0.

"""
...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01
--:--:--     0curl: (56) SSLRead() return error -9841
000
[ERROR] https://ocaml.janestreet.com/ocaml-core/112.24/files/sexplib-112.24.01.tar.gz
is not available
[ERROR] Could not download archives of sexplib.112.24.01

'opam upgrade --verbose sexplib' failed.
""""

FWIW, visiting the site, Chrome complains:

"The identity of this website has been verified by VeriSign Class 3
Secure Server CA - G3 but does not have public audit records.

The site is using outdated security settings that may prevent future
versions of Chrome from being able to safely access it."

and

"Your connection to ocaml.janestreet.com is encrypted with obsolete
cryptography.

The connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and
uses RSA as the key exchange mechanism."

-- 
Richard Mortier
richard.mortier at cl.cam.ac.uk


More information about the opam-devel mailing list