Thursday, August 31, 2017

TLS only for www.cpan.org

www.cpan.org has supported TLS since March. We're planning to make it TLS-only later in September, pending feedback. To start the process the homepage now redirects to the TLS version. Over the next days and weeks we'll make more and more of the URLs TLS-only.

Please let us know if this causes problems for common CPAN clients.

(IPv6 has also been re-enabled for www.cpan.org).
on

3 comments:

  1. skajiSeptember 5, 2017 at 9:29 AM

    First, thank you for maintaining www.cpan.org!

    I think "TLS only for www.cpan.org" affects cpanminus users.
    If someone has LWP but not LWP::Protocol::https, then they will fail to install modules with cpanminus.
    Please look at this:
    https://gist.github.com/skaji/0db925038a9cd3aae0b04e778219dcfb

    This is because cpanminus checks whether LWP works with https or not
    only when mirror urls start with "https".
    https://github.com/miyagawa/cpanminus/blob/6b2c8805167bb5d5938e9614554696e688feb7d4/lib/App/cpanminus/script.pm#L2929-L2938

    ReplyDelete
  2. ДавидычSeptember 7, 2017 at 1:09 PM

    Why? Just because Chrome wants you to?

    ReplyDelete
  3. UnknownNovember 10, 2017 at 2:11 PM

    There is a international effort on web to make it more secure. It's not only Google Chrome. We need a better web, since these days we cannot even trust on our processors (Intel/ME).

    ReplyDelete

Subscribe to: Post Comments (Atom)