curl and openSSL

James Secan james.secan at gmail.com
Wed Apr 13 14:33:48 UTC 2022


Thanks.  I’ll pass that along to the person from NASA who contacted me.

Jim
> On Apr 13, 2022, at 1:07 AM, Clemens Lang <cal at macports.org> wrote:
> 
> On Tue, Apr 12, 2022 at 02:16:08PM -0700, James Secan wrote:
>> It’s a US Gov’t site (NASA): cddis.nasa.gov.  I’m accessing data on
>> their Space Geodesy Data archive, pulling files from directory
>> archive/gnss/products/ionex.  I filed an initial complaint with them
>> yesterday before I knew in detail what was going on and had a response
>> asking for more info this morning.  I’ve sent them everything I know,
>> but have heard nothing back.  That was just this morning, so it’s too
>> soon to be getting antsy about a response from them.
> 
> Their server does not include a RFC5746 renegotiation_info extension in
> its ServerHello message. Modern TLS clients such as OpenSSL 3 consider
> this insecure. See https://datatracker.ietf.org/doc/html/rfc5746 for
> more details.
> 
> -- 
> Clemens



More information about the macports-users mailing list