On Nov 26, 2017, at 09:38, Daniel Stenberg wrote: > I've just pushed changes to the curl web site that makes it no longer link to > download mirrors that aren't using HTTPS. > > I blogged about it here: > > https://daniel.haxx.se/blog/2017/11/26/https-only-curl-mirrors/
The curl and openssl bundled with OS X 10.8.x and earlier cannot connect to your https server. $ /usr/bin/curl -I https://curl.haxx.se/download/curl-7.56.1.tar.gz curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version MacPorts uses that copy of libcurl. For this reason, MacPorts will continue to mirror your files on a CDN server with less restrictive https settings and which also allows http connections for even older systems. MacPorts checksums the files it downloads, so it is not possible for a MITM attack on this or any other server MacPorts uses to result in MacPorts installing malicious code. ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
