Closed krbrs closed 4 weeks ago
Also when using 1.3 it wont work as all packages are linked to openssl3 for 24.1 compatibility.
Same issue here.
It helped by just disabling the repo with editing via ssh: vi /usr/local/etc/pkg/repos/mimugmail.conf
:
enabled: yes
to enabled: no
mimugmail: {
url: "https://opn-repo.routerperformance.net/repo/${ABI}",
priority: 190,
enabled: no
}
this could later get reverted when the issue is solved.
Same issue here
Yes, it only works with community edition until Business switches to openssl3 with 24.4
Is there any way to work it out rather than wait for the new 24.4. version?
No, sorry
Updated to 24.4, still seeing errors
34938167296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 70 34938167296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 70 34938167296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 70 pkg-static: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.pkg: Authentication error 34938167296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 70
I have the same error with version 24.4. This is unfortunate, because I use a lot of OPNrepo packages.
Same issue here with latest version of business edition.
fixed now ...
I can not update pkg from the mimugmail mirror anymore after the recent 23.10.2 business edition Update.
Maybe it's because of this change?
https://forum.opnsense.org/index.php?topic=38534.0 "firmware: disallow TLS lower than 1.3 on business mirror"
https://github.com/opnsense/core/commit/daf467f69c03b227d705ba55a7ef9e351a838614
Full Check for Update log:
running
curl -vI https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz
shows that the connection is established using TLS1.2 and not TLS1.3 which seems to be the reason why it fails.Can you verify this from your side? Is there any way to force fetching your repo using TLS1.2? Or is it possible to update the repo server to support TLS1.3?
If you need more info, please let me know!