[opam-devel] Problem with ocaml.janestreet.com TLS cert?
anil at recoil.org
Sat Apr 18 16:35:14 BST 2015
This is a broken `curl` command on base OSX. Try switching to wget with:
CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is
likely a result of disabling SSLv3 due to the POODLE attack.
> On 18 Apr 2015, at 16:32, Richard Mortier <richard.mortier at cl.cam.ac.uk> wrote:
> I seem to be having a problem with the Jane Street TLS cert for
> ocaml.janestreet.com. OPAM is refusing to install sexplib etc as a
> result. I presume this is a curl TLS issue and I need a magic
> environment variable or something, but can't find it. Any ideas?
> This is on OSX using homebrew curl and OPAM 1.2.0.
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01
> --:--:-- 0curl: (56) SSLRead() return error -9841
> [ERROR] https://ocaml.janestreet.com/ocaml-core/112.24/files/sexplib-112.24.01.tar.gz
> is not available
> [ERROR] Could not download archives of sexplib.112.24.01
> 'opam upgrade --verbose sexplib' failed.
> FWIW, visiting the site, Chrome complains:
> "The identity of this website has been verified by VeriSign Class 3
> Secure Server CA - G3 but does not have public audit records.
> The site is using outdated security settings that may prevent future
> versions of Chrome from being able to safely access it."
> "Your connection to ocaml.janestreet.com is encrypted with obsolete
> The connection uses TLS 1.2.
> The connection is encrypted and authenticated using AES_128_GCM and
> uses RSA as the key exchange mechanism."
> Richard Mortier
> richard.mortier at cl.cam.ac.uk
> opam-devel mailing list
> opam-devel at lists.ocaml.org
More information about the opam-devel