Many thanks Jeroen - that is very helpful, I was not aware of the capability in curl to switch SSL backends. (The backend also shows up in the curl package onLoad message, which is helpful).
Kind regards Petr > On 11. 1. 2022, at 1:04, Jeroen Ooms <jeroeno...@gmail.com> wrote: > > On Mon, Jan 10, 2022 at 11:22 AM Petr Bouchal <pbouc...@gmail.com> wrote: >> >> Dear all, >> >> In brief: on Monterey, R cannot reach certain web domains due to a bug in >> Libre SSL - and perhaps not relying on system curl/openssl in R would be a >> systematic solution to this and símilar issues. >> >> Specifically: on MacOS Monterey 12.1 using R 4.1.2, download.file() and >> other functions that rely on system-provided curl/openssl/Libre SSL >> (including in the curl package) have been failing on specific domains. >> >> So running >> >> download.file(“https://www.czso.cz/”, tempfile()) >> >> returns: >> >> status was ‘SSL connect error’ >> >> the underlying error being >> >> error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length. > > I have to investigate this further (it looks like a buggy TLS server > actually), but as a workaround you can set an environment variable > CURL_SSL_BACKEND=SecureTransport when starting R, see for details: > https://curl.se/libcurl/c/libcurl-env.html > > The version of libcurl that is included with the past few versions of > MacOS is actually built with support for 2 TLS back-ends: LibreSSL and > native apple TLS (aka SecureTransport). You can override the default > using the environment variable above, but you have to set it before > libcurl gets initiated, hence before making any http connections in > the R session, e.g. in your .Renviron. > > You can see which version is active by looking at > curl::curl_version()$ssl_version, the version in parenthesis is Try > running: > > CURL_SSL_BACKEND=openssl R -e "curl::curl_version()$ssl_version" > CURL_SSL_BACKEND=SecureTransport R -e "curl::curl_version()$ssl_version" > > The same version of libcurl is also used by base-R in download.file(). > I've also explained this a bit (mostly for windows) in this vignette: > https://cran.r-project.org/web/packages/curl/vignettes/windows.html _______________________________________________ R-SIG-Mac mailing list R-SIG-Mac@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
