Hi, On Tue, Apr 12, 2022 at 09:17:03AM -0700, James Secan wrote: > I switched from using the macOS-supplied curl to MacPorts curl > recently, and one of my download scripts which uses curl immediately > stopped working. The error message from curl was: > > curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation > disabled > > From some googling it sounds like this is a problem on the server end > and not on my end. Am I reading this right (I am NOT any kind of > expert on SSL)?
Yes, mostly. Unsafe legacy renegotiation is a mechanism that is vulnerable to man in the middle attacks. Can you share which server your script was talking to, so I could take a closer look? > I’ve switched back to the macOS version of curl for now, but I may try > downloading a MacPorts version of curl that doesn’t use openSSL as > suggested in a StackExchange post I found. This is a message caused by OpenSSL 3.x, so not using OpenSSL will "fix" the issue, but leave you vulnerably to the man-in-the-middle vulnerable renegotiation. -- Clemens