-
Notifications
You must be signed in to change notification settings - Fork 884
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unknown SSL protocol error in connection to rs.rustup.rs #179
Comments
This is likely connected to our use of Let's Encrypt for certs on this site. |
This is probably caused by an old version of curl trying to establish an SSLv3 connection, which is disabled as insecure on our server. I wonder if there's some other utility on these older macs that we can fall back to. Actually, short of using insecure SSL revisions there's probably nothing we can do here. We can't know ahead of time the user has an old curl. If there was some alternative to curl available on all macs we could use it unconditionally, but I can't imagine there's a better curl just sitting around waiting for us to discover it. |
Our backend could possibly look at the request header to detect old curls and return a custom error. |
I don't think it's the version of curl that's the problem - I have the same issue on SLES11 with a fresh curl version 7.49.1. I would imagine it's a problem with openssl rather than curl itself? |
I think I just ran into this same thing on a CentOS 6.7 box.
Update curl:
Same result. |
I get the same error. What should I do? |
I found a workaround, which I'm sorry I should have posted when I found it. I downloaded the mozilla ca-certificates bundle from the curl website to a location on disk, then set the I am not a security expert and have no idea if this is a good idea, but I've seen bundled certificate files before e.g. with conda and requests which suggests it's an ok practice. Also I downloaded the certificate using curl from the curl page over https. |
I used another workaround, I downloaded the shell script to my computer and uploaded it to the server via SCP... |
I'm also seeing this on centos5:
even with a newly built curl:
and I've tried upgrading the cert bundles to no avail. |
fwiw, rebuilding curl against a newer version of openssl repairs the issue for me:
|
Unfortunately it's not always possible to recompile |
right, but it points to the older openssl version as the cause of the client failure on older platforms - and not something easily flaggable/configurable like the protocol version, ssl certs, etc. |
Also solved by #1716. |
I believe centos6 is the oldest thing we now support and we've not had similar reports on that, so I'm closing this. If a similar issue still remains for you, please open a fresh issue. |
When trying to run
curl https://sh.rustup.rs -sSf | sh
as taken from the the website, curl errors withcurl: (35) Unknown SSL protocol error in connection to sh.rustup.rs:443
Same error for
https://www.rustup.rs
but not forhttps://static.rust-lang.org/rustup.sh
The text was updated successfully, but these errors were encountered: