-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
routines::unsafe legacy renegotiation disabled #13
Comments
As a temporary work around on windows platforms, RAQSAPI will default to using the schannel curl backend. This does not affect non-windows platforms. |
mccroweyclinton-EPA
added a commit
that referenced
this issue
Jun 12, 2023
…e httr/curl Schannel backend as a temporary fix
mccroweyclinton-EPA
added a commit
that referenced
this issue
Jun 12, 2023
…e httr/curl Schannel backend as a temporary fix
mccroweyclinton-EPA
added a commit
that referenced
this issue
Jun 12, 2023
…e httr/curl Schannel backend as a temporary fix
After collaborationg with the IT security staff at EPA's NCC the necissary configurations were applied to the AQS API server and this issue is now solved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
R package curl which is a dependency of httr which itself is a dependency of RAQSAPI throws the following error when attempting to connect to the AQS DataMart API server using RAQSAPI in R environments where the curl library uses the libssl library to establish an SSL connection with AQS DataMart.
The error message is as follows:
Error in `curl::curl_fetch_memory(url, handle = handle)`: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
It appears that this issue is due to a change in the openssl library wherein openssl no longer allows connections to domains which do not support RFC 5746.
R environments that are running on non-Windows systems or Windows systems where curl uses libssl seem to be affected. Users running more modern versions of Windows (Windows 10 or newer) can avoid this issue by setting curl to use the Windows Schannel backend.
To my current knowledge, there are no code changes to the RAQSAPI package that will fix this issue on systems that do not have access to the Windows Schannel API, this included all non-windows systems.
The only way to fix this issue is to have add support for RFC 5746 on the datamart API server or for the libssl library to re-add support for legacy renegotiation. The EPA is working with the EPA NCC on adding support for RFC 5746 to the EPA AQS Datamart API server in the meantime.
Until this issue is addressed all github actions unit test of RAQSAPI will fail due to SSL connectivity issues since github actions defaults to using openssl in the curl libraries on github actions runner systems.
The text was updated successfully, but these errors were encountered: