[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] [opam-devel] Problem with ocaml.janestreet.com TLS cert?

On 04/18/2015 06:35 PM, Anil Madhavapeddy wrote:
> This is a broken `curl` command on base OSX.  Try switching to wget with:
>     export OPAMFETCH=wget
> CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is
> likely a result of disabling SSLv3 due to the POODLE attack.
>> FWIW, visiting the site, Chrome complains:

I don't think this is related to the problem you're seeing with curl as curl 
works fine on Debian Jessie.

>> "The identity of this website has been verified by VeriSign Class 3
>> Secure Server CA - G3 but does not have public audit records.
>> The site is using outdated security settings that may prevent future
>> versions of Chrome from being able to safely access it."


>> and
>> "Your connection to ocaml.janestreet.com is encrypted with obsolete
>> cryptography.
>> The connection uses TLS 1.2.
>> The connection is encrypted and authenticated using AES_128_GCM and
>> uses RSA as the key exchange mechanism."

Probably complains about lack of ECDHE, but then Firefox does use ECHDE, and 
Chrome doesn't:

Best regards,

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.