[opam-devel] distfiles for ocaml.janestreet.com need an SSL upgrade
Dominick LoBraico
d at lobraico.com
Sun Oct 4 15:41:29 BST 2015
Hmm, I can reproduce the error your seeing on 10.10.4 as well but it's
not clear to me that this is an SSLv3 issue.
$ openssl s_client -connect ocaml.janestreet.com:443 -ssl3
CONNECTED(00000003)
51476:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/ssl/s3_pkt.c:1145:SSL
alert number 40
51476:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/ssl/s3_pkt.c:566:
I'm investigating.
On Sun, Oct 4, 2015 at 5:26 AM, Anil Madhavapeddy <anil at recoil.org> wrote:
> (x-posting to opam-devel as an fyi in case anyone else runs into this)
>
> Using OSX 10.11 results in an SSLv3 error from the upstream distfile server
> on ocaml.janestreet.com. Could it please be reconfigured to use TLS 1.0 or
> higher? Workaround is to "brew install wget", which is less secure out of the box.
>
> $ curl --write-out %{http_code}\n --insecure --retry 3 --retry-delay 2 -OL
> https://ocaml.janestreet.com/ocaml-core/113.00/files/sexplib-113.00.00.tar.gz
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
> curl: (56) SSLRead() return error -9841
>
> Louis, this manifests as a hard-to-debug error, since the curl command line
> doesn't seem to get output anywhere (even when using OPAMDEBUG=1). Is there
> some other way than modifying the OPAM source code to see all the commands
> that are being shelled out?
>
> -anil
>
> --
> You received this message because you are subscribed to the Google Groups "ocaml-core" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ocaml-core+unsubscribe at googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
More information about the opam-devel
mailing list