[opam-devel] Problem with ocaml.janestreet.com TLS cert?
edwin+ml-ocaml at etorok.net
Sat Apr 18 19:54:38 BST 2015
On 04/18/2015 06:35 PM, Anil Madhavapeddy wrote:
> This is a broken `curl` command on base OSX. Try switching to wget with:
> export OPAMFETCH=wget
> CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is
> likely a result of disabling SSLv3 due to the POODLE attack.
>> FWIW, visiting the site, Chrome complains:
I don't think this is related to the problem you're seeing with curl as curl works fine on Debian Jessie.
>> "The identity of this website has been verified by VeriSign Class 3
>> Secure Server CA - G3 but does not have public audit records.
>> The site is using outdated security settings that may prevent future
>> versions of Chrome from being able to safely access it."
>> "Your connection to ocaml.janestreet.com is encrypted with obsolete
>> The connection uses TLS 1.2.
>> The connection is encrypted and authenticated using AES_128_GCM and
>> uses RSA as the key exchange mechanism."
Probably complains about lack of ECDHE, but then Firefox does use ECHDE, and Chrome doesn't:
More information about the opam-devel