On 15/07/2022 3:30 pm, Mark Brethen wrote:
I was trying to say that I skipped versions and upgraded from high sierra to big sur.

Ah ha. So I read something completely different from "Other than updating the system from High Sierra, nothing else"...

Indeed it looks like you are on macOS 11..

For reference what I get on macOS12 with curl -v is below..

How old is your  /etc/ssl/cert.pem ?

> ls -lth  /etc/ssl/cert.pem
-rw-r--r--  1 root  wheel   326K  9 May 22:30 /etc/ssl/cert.pem

What is your system curl version?

Oberon ~/Projects/MacPorts/ports > /usr/bin/curl --version
curl 7.79.1 (x86_64-apple-darwin21.0) libcurl/7.79.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.45.1
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets

Chris

/usr/bin/curl -L -v -o tetgen1.5.1.tar.gz https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 62.141.177.111:443...
* Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [319 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [21 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [5159 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); OU=RT; CN=www.wias-berlin.de
*  start date: Aug  4 13:43:33 2021 GMT
*  expire date: Sep  4 13:43:33 2022 GMT
*  subjectAltName: host "wias-berlin.de" matched cert's "wias-berlin.de"
* issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA
*  SSL certificate verify ok.
> GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1
> Host: wias-berlin.de
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 15 Jul 2022 14:35:54 GMT
< Server: Apache-Coyote/1.1
< Strict-Transport-Security: max-age=63072000
< Accept-Ranges: bytes
< ETag: W/"282433-1534863100000"
< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT
< Content-Type: application/x-gzip
< Content-Length: 282433
<
{ [7906 bytes data]
100 275k 100 275k 0 0 742k 0 --:--:-- --:--:-- --:--:-- 761k
* Connection #0 to host wias-berlin.de left intact


As to the version, is it 10.16 or 11? System profiler
says this:

*System Software Overview:*

   System Version: macOS 11.6.7 (20G630)
   Kernel Version: Darwin 20.6.0
   Boot Volume: Macintosh HD
   Boot Mode: Normal
   Computer Name: brethen-air
   User Name: Mark Brethen (marbre)
   Secure Virtual Memory: Enabled
   System Integrity Protection: Enabled
   Time since boot: 10 days 18:45

Mark Brethen
mark.bret...@gmail.com



On Jul 15, 2022, at 9:23 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:



On 15/07/2022 3:20 pm, Mark Brethen wrote:
I have Big Sur installed (in ‘About This Mac’ it lists ‘Version 11.6.7’)

Sorry but you are being damn confusing. Why did you then mention 'High Sierra' as your OS below ????

If you truly do have macOS11 installed, fully up to date, then I am very surprised you are seeing SSL issues.... can anyone else on this OS confirm if they see the same issue...

Mark Brethen
mark.bret...@gmail.com

On Jul 15, 2022, at 9:14 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:



On 15/07/2022 3:08 pm, Mark Brethen wrote:
~ $ /usr/bin/curl -L -v -o tetgen1.5.1.tar.gz https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 62.141.177.111...
* TCP_NODELAY set
* Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [228 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [59 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [6122 bytes data]
* TLSv1.2 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure

Other than updating the system from High Sierra, nothing else. It sounds like I may need to update my certificates?

Oh.... You said you were on macOS 11... I guess that was incorrect and you really mean OSX 10.11 or.... what ? High Sierra is OSX 10.13 ... Please try and be precise in your OS version as in this case it really makes a difference...

So, assuming you are on 10.11, or 10.13... That OS is indeed old and known to have SSL issues. The best solution is indeed to upgrade to a newer OS (for many many reasons...)
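
An added example, not part of the original thread: a small Python parser that reduces the two `curl -v` traces quoted above to the facts being compared (last handshake message received from the server, any TLS alert, negotiated protocol and cipher, verification result). The sample lines are excerpts copied from those traces; the function and field names are made up for illustration.

```python
import re

# Excerpts copied from the failing (Mark) and working (Chris) traces in this thread.
FAILING = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
curl: (35) error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure
"""
WORKING = """\
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
*  SSL certificate verify ok.
"""

# search() rather than match(): the progress meter is sometimes glued in front of a '*' line.
RECORD = re.compile(r"\* (\S+) \((IN|OUT)\), TLS (handshake|alert), (.+?) \((\d+)\):")
NEGOTIATED = re.compile(r"SSL connection using (\S+) / (\S+)")
CURL_ERR = re.compile(r"^curl: \((\d+)\) ")

def summarize(trace):
    """Reduce a curl -v trace to the fields worth comparing between two machines."""
    out = {"last_handshake": None, "alert": None, "protocol": None,
           "cipher": None, "verified": False, "curl_exit": None}
    for line in trace.splitlines():
        rec = RECORD.search(line)
        neg = NEGOTIATED.search(line)
        err = CURL_ERR.match(line)
        if rec and rec.group(3) == "alert":
            out["alert"] = rec.group(4)
        elif rec and rec.group(2) == "IN":
            out["last_handshake"] = rec.group(4)   # last message received from the server
        elif neg:
            out["protocol"], out["cipher"] = neg.groups()
        elif "SSL certificate verify ok" in line:
            out["verified"] = True
        elif err:
            out["curl_exit"] = int(err.group(1))
    return out

def describe(s):
    """One-line verdict for a summarized trace."""
    if s["alert"]:
        return (f"aborted after server {s['last_handshake']}: "
                f"alert '{s['alert']}', curl exit {s['curl_exit']}")
    return f"{s['protocol']} / {s['cipher']}, verified={s['verified']}"

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, "->", describe(summarize(trace)))
```
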

