[opam-devel] Problem with ocaml.janestreet.com TLS cert?

Török Edwin edwin+ml-ocaml at etorok.net
Sat Apr 18 19:54:38 BST 2015

On 04/18/2015 06:35 PM, Anil Madhavapeddy wrote:
> This is a broken `curl` command on base OSX.  Try switching to wget with:
>     export OPAMFETCH=wget
> CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is
> likely a result of disabling SSLv3 due to the POODLE attack.
>> FWIW, visiting the site, Chrome complains:

I don't think this is related to the problem you're seeing with curl as curl works fine on Debian Jessie.

>> "The identity of this website has been verified by VeriSign Class 3
>> Secure Server CA - G3 but does not have public audit records.
>> The site is using outdated security settings that may prevent future
>> versions of Chrome from being able to safely access it."


>> and
>> "Your connection to ocaml.janestreet.com is encrypted with obsolete
>> cryptography.
>> The connection uses TLS 1.2.
>> The connection is encrypted and authenticated using AES_128_GCM and
>> uses RSA as the key exchange mechanism."

Probably complains about lack of ECDHE, but then Firefox does use ECHDE, and Chrome doesn't:

Best regards,

More information about the opam-devel mailing list