On Mon, Jan 10, 2022 at 11:22 AM Petr Bouchal <pbouc...@gmail.com> wrote: > > Dear all, > > In brief: on Monterey, R cannot reach certain web domains due to a bug in > Libre SSL - and perhaps not relying on system curl/openssl in R would be a > systematic solution to this and símilar issues. > > Specifically: on MacOS Monterey 12.1 using R 4.1.2, download.file() and other > functions that rely on system-provided curl/openssl/Libre SSL (including in > the curl package) have been failing on specific domains. > > So running > > download.file(“https://www.czso.cz/”, tempfile()) > > returns: > > status was ‘SSL connect error’ > > the underlying error being > > error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length.
I have to investigate this further (it looks like a buggy TLS server actually), but as a workaround you can set an environment variable CURL_SSL_BACKEND=SecureTransport when starting R, see for details: https://curl.se/libcurl/c/libcurl-env.html The version of libcurl that is included with the past few versions of MacOS is actually built with support for 2 TLS back-ends: LibreSSL and native apple TLS (aka SecureTransport). You can override the default using the environment variable above, but you have to set it before libcurl gets initiated, hence before making any http connections in the R session, e.g. in your .Renviron. You can see which version is active by looking at curl::curl_version()$ssl_version, the version in parenthesis is Try running: CURL_SSL_BACKEND=openssl R -e "curl::curl_version()$ssl_version" CURL_SSL_BACKEND=SecureTransport R -e "curl::curl_version()$ssl_version" The same version of libcurl is also used by base-R in download.file(). I've also explained this a bit (mostly for windows) in this vignette: https://cran.r-project.org/web/packages/curl/vignettes/windows.html _______________________________________________ R-SIG-Mac mailing list R-SIG-Mac@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
