Thursday, August 31, 2017

TLS only for www.cpan.org

www.cpan.org has supported TLS since March. We're planning to make it TLS-only later in September, pending feedback. To start the process the homepage now redirects to the TLS version. Over the next days and weeks we'll make more and more of the URLs TLS-only.

Please let us know if this causes problems for common CPAN clients.

(IPv6 has also been re-enabled for www.cpan.org).

2 comments:

  1. First, thank you for maintaining www.cpan.org!

    I think "TLS only for www.cpan.org" affects cpanminus users.
    If someone has LWP but not LWP::Protocol::https, then they will fail to install modules with cpanminus.
    Please look at this:
    https://gist.github.com/skaji/0db925038a9cd3aae0b04e778219dcfb

    This is because cpanminus checks whether LWP works with https or not
    only when mirror urls start with "https".
    https://github.com/miyagawa/cpanminus/blob/6b2c8805167bb5d5938e9614554696e688feb7d4/lib/App/cpanminus/script.pm#L2929-L2938

    ReplyDelete
  2. Why? Just because Chrome wants you to?

    ReplyDelete