|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] [opam-devel] Problem with ocaml.janestreet.com TLS cert?
On 04/18/2015 06:35 PM, Anil Madhavapeddy wrote: > This is a broken `curl` command on base OSX. Try switching to wget with: > > export OPAMFETCH=wget > > CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is > likely a result of disabling SSLv3 due to the POODLE attack. > >> FWIW, visiting the site, Chrome complains: I don't think this is related to the problem you're seeing with curl as curl works fine on Debian Jessie. >> >> "The identity of this website has been verified by VeriSign Class 3 >> Secure Server CA - G3 but does not have public audit records. >> >> The site is using outdated security settings that may prevent future >> versions of Chrome from being able to safely access it." https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know >> >> and >> >> "Your connection to ocaml.janestreet.com is encrypted with obsolete >> cryptography. >> >> The connection uses TLS 1.2. >> >> The connection is encrypted and authenticated using AES_128_GCM and >> uses RSA as the key exchange mechanism." >> Probably complains about lack of ECDHE, but then Firefox does use ECHDE, and Chrome doesn't: https://www.ssllabs.com/ssltest/analyze.html?d=ocaml.janestreet.com Best regards, --Edwin _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |