Hmm, I can reproduce the error your seeing on 10.10.4 as well but it's not clear to me that this is an SSLv3 issue.
$ openssl s_client -connect ocaml.janestreet.com:443 -ssl3 CONNECTED(00000003) 51476:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/ssl/s3_pkt.c:1145:SSL alert number 40 51476:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/ssl/s3_pkt.c:566: I'm investigating. On Sun, Oct 4, 2015 at 5:26 AM, Anil Madhavapeddy <[email protected]> wrote: > (x-posting to opam-devel as an fyi in case anyone else runs into this) > > Using OSX 10.11 results in an SSLv3 error from the upstream distfile server > on ocaml.janestreet.com. Could it please be reconfigured to use TLS 1.0 or > higher? Workaround is to "brew install wget", which is less secure out of > the box. > > $ curl --write-out %{http_code}\n --insecure --retry 3 --retry-delay 2 -OL > > https://ocaml.janestreet.com/ocaml-core/113.00/files/sexplib-113.00.00.tar.gz > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 > curl: (56) SSLRead() return error -9841 > > Louis, this manifests as a hard-to-debug error, since the curl command line > doesn't seem to get output anywhere (even when using OPAMDEBUG=1). Is there > some other way than modifying the OPAM source code to see all the commands > that are being shelled out? > > -anil > > -- > You received this message because you are subscribed to the Google Groups > "ocaml-core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. _______________________________________________ opam-devel mailing list [email protected] http://lists.ocaml.org/listinfo/opam-devel
