7 | | it's not clear to me why curl fails @ vb site, but OK @ oracle |
8 | | and wget's good at both. |
| 8 | that includes |
| 9 | |
| 10 | Cipher suites (TLS 1.3): TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 |
| 11 | Cipher suites (TLS 1.2): (none) |
| 12 | |
| 13 | clients, for a fair while now, match. we typically don't allow non-TLS 1.3 anymore. |
| 14 | |
| 15 | checking, virtualbox.org's ssl report |
| 16 | |
| 17 | https://www.ssllabs.com/ssltest/analyze.html?d=virtualbox.org |
| 18 | |
| 19 | shows no tls 1.3 support; only 1.2. and of those, only 1 strong, |
| 20 | |
| 21 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 22 | |
| 23 | adding that suite to |
| 24 | |
| 25 | CipherSuites |
| 26 | |
| 27 | in |
| 28 | |
| 29 | /etc/ssl/openssl.conf |
| 30 | |
| 31 | does the trick. |
| 32 | |
| 33 | curl & dnf curl with the new repo gpgkey url work fine, now. |
| 34 | |
| 35 | wget wasn't sensitive to openssl config, as |
| 36 | |
| 37 | ldd `which wget` |grep -Ei "ssl|tls" |
| 38 | libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007efd79200000) |
| 39 | |
| 40 | ldd `which curl` |grep -Ei "ssl|tls" |
| 41 | libssl.so.3 => /lib64/libssl.so.3 (0x00007fad4132c000) |
| 42 | |
| 43 | it would be helpful for the virtualbox.org server to get bumped to include tls1.3 support. |
| 44 | }}} |
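
A way to see the mismatch described in this comment from the client side, as an added example that is not part of the original comment: it asks Python's OpenSSL-backed `ssl` module for a ClientHello under a TLS 1.3-only policy and again with the TLS 1.2 suite allowed, then parses what is actually offered. The `minimum_version` and `set_ciphers` calls stand in for the system OpenSSL configuration and `server.example` is a placeholder name; nothing is sent over the network.

```python
import ssl
import struct

def client_hello_offer(min_version, tls12_ciphers=None):
    """Return (versions, suites) that an OpenSSL-backed client puts in its ClientHello."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version          # assumption: stands in for system policy
    if tls12_ciphers:
        ctx.set_ciphers(tls12_ciphers)         # affects the TLS 1.2-and-below list only
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="server.example")
    try:
        conn.do_handshake()                    # no peer: stops after writing ClientHello
    except ssl.SSLWantReadError:
        pass
    rec = outgoing.read()
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello")
    body = rec[9:]                             # skip record (5) + handshake (4) headers
    pos = 2 + 32                               # legacy_version + random
    pos += 1 + body[pos]                       # legacy_session_id
    (n,) = struct.unpack_from("!H", body, pos)
    suites = set(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                       # compression methods
    (ext_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ext_len
    versions = set()
    while pos < end:
        ext_type, length = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 43:                     # supported_versions extension
            count = body[pos] // 2
            versions = set(struct.unpack_from(f"!{count}H", body, pos + 1))
        pos += length
    return versions, suites

TLS12, TLS13 = 0x0303, 0x0304
ECDHE_RSA_AES128_GCM = 0xC02F                  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

if __name__ == "__main__":
    cases = [("TLS 1.3 only", (ssl.TLSVersion.TLSv1_3,)),
             ("TLS 1.2 suite added",
              (ssl.TLSVersion.TLSv1_2, "ECDHE-RSA-AES128-GCM-SHA256"))]
    for label, args in cases:
        versions, suites = client_hello_offer(*args)
        print(label, "| offers TLS 1.2:", TLS12 in versions,
              "| offers suite:", ECDHE_RSA_AES128_GCM in suites)
```

A server that speaks only TLS 1.2 has nothing to select from the first ClientHello, which is the failure curl showed; wget links GnuTLS and never consults this policy.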