routines::unsafe legacy renegotiation disabled #13

Closed
mccroweyclinton-EPA opened this issue Jan 23, 2023 · 2 comments
mccroweyclinton-EPA commented Jan 23, 2023

The R package curl, which is a dependency of httr, which itself is a dependency of RAQSAPI, throws the following error when attempting to connect to the AQS DataMart API server using RAQSAPI in R environments where the curl library uses the libssl library to establish an SSL connection with AQS DataMart.

The error message is as follows:
Error in `curl::curl_fetch_memory(url, handle = handle)`: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

It appears that this issue is due to a change in the openssl library wherein openssl no longer allows connections to domains which do not support RFC 5746.

R environments that are running on non-Windows systems or Windows systems where curl uses libssl seem to be affected. Users running more modern versions of Windows (Windows 10 or newer) can avoid this issue by setting curl to use the Windows Schannel backend.

To my current knowledge, there are no code changes to the RAQSAPI package that will fix this issue on systems that do not have access to the Windows Schannel API; this includes all non-Windows systems.

The only way to fix this issue is to add support for RFC 5746 on the DataMart API server or for the libssl library to re-add support for legacy renegotiation. The EPA is working with the EPA NCC on adding support for RFC 5746 to the EPA AQS DataMart API server in the meantime.

Until this issue is addressed, all GitHub Actions unit tests of RAQSAPI will fail due to SSL connectivity issues, since GitHub Actions defaults to using OpenSSL in the curl libraries on GitHub Actions runner systems.

@mccroweyclinton-EPA (Collaborator, Author)

As a temporary workaround on Windows platforms, RAQSAPI will default to using the Schannel curl backend. This does not affect non-Windows platforms.

mccroweyclinton-EPA added a commit that referenced this issue Jun 12, 2023
…e httr/curl Schannel backend as a temporary fix

@mccroweyclinton-EPA (Collaborator, Author)

After collaborating with the IT security staff at EPA's NCC, the necessary configurations were applied to the AQS API server and this issue is now solved.
