Not logged inOcean Color Forum
Up Topic Products and Algorithms / Satellite Data Access / Wget, Git or Curl built against older versions of GnuTLS can not connect to HTTPS
- By tintinabula Date 2017-02-14 12:23
Older versions of GnuTLS do not support modern, secure ciphers used by the OceanColor (OBPG) HTTPS servers. If you are using a client like Wget, Git or Curl built against an older version of GnuTLS then you may see an error similar to, "Unable to establish SSL connection" or "cipher not supported". The OceanColor HTTPS servers require AES 128 bit or AES 256 bit  Galois/Counter Mode (GCM) ciphers.

To query if your client is built against gnutls or openssl use the "--verbose" argument with the client binary. For example, wget on Ubuntu 16.04 LTS is built against OpenSSL.

$ wget -V
GNU Wget 1.17.1 built on linux-gnu.
Link:
  .... openssl.o

We recommend updating your operating system (OS) to receive the latest versions of the client binaries and GnuTLS libraries as well as any security updates released by the developers. Updating to the latest patches may give you newer binaries which support newer ciphers. Another option is upgrading to the latest version of your OS. For example, if you are using Ubuntu 12.04 then upgrade to Ubuntu 16.04 which supports the newest ciphers and is able to connect to the OceanColor servers without issue. Check with your local system administrator if you need help.

If you can not update your OS then we recommend building your download client against OpenSSL or the newest version of GnuTLS  downloaded from the GnuTLS website. Search Google for "build wget from source" or "build git from source" for many public tutorials.
Up Topic Products and Algorithms / Satellite Data Access / Wget, Git or Curl built against older versions of GnuTLS can not connect to HTTPS

Powered by mwForum 2.29.7 © 1999-2015 Markus Wichitill