Problem
@rbtcollins suggested I file this issue in rust-lang/www.rust-lang.org#1823.
On stock Ubuntu 14.04 LTS (which has extended security maintenance until 2024-04-25) that comes with curl 7.35.0 I see:
Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure
Warning: Not enforcing TLS v1.2, this is potentially less secure
Those warnings happen whether you add or not --proto '=https' --tlsv1.2 as currently recommended in https://github.com/rust-lang/www.rust-lang.org/blob/961dcbda8dff80eb19dd046d3e748d054e6b39d1/templates/components/tools/rustup.html.hbs#L20 and
|
<pre class="rustup-command">curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh</pre> |
I want to point out that rust-init.sh is correct in printing out those warnings. curl 7.35.0 that comes with stock Ubuntu 14.04 shows that it only support --tlsv1 when I look at the options using curl --help all as rust-init.sh does.
According to https://launchpad.net/ubuntu/trusty/+source/curl, 7.35.0 is indeed the latest version available for Ubuntu 14.04. Running sudo apt-get upgrade curl didn't change the result.
Disclaimer: I do not use Ubuntu 14.04 for anything, nor do I expect anyone reasonable to use that ancient version. I just looked up the oldest version of Ubuntu somebody might be using while researching for the PR I linked above and I was specifically looking to trigger that warning / take the corresponding code path.
Steps
- Install Ubuntu 14.04 LTS
- Try to install Rust with rustup:
curl https://sh.rustup.rs -sSf | sh
Possible Solution(s)
Do nothing. I think those warnings are expected in this case.
Notes
No response
Rustup version
Not applicable. We are trying to execute https://github.com/rust-lang/rustup/blob/843459f893091f89b2dd5c7a977da1b3eb28df1b/rustup-init.sh instead.
Installed toolchains
Problem
@rbtcollins suggested I file this issue in rust-lang/www.rust-lang.org#1823.
On stock Ubuntu 14.04 LTS (which has extended security maintenance until 2024-04-25) that comes with curl 7.35.0 I see:
Those warnings happen whether you add or not
--proto '=https' --tlsv1.2as currently recommended in https://github.com/rust-lang/www.rust-lang.org/blob/961dcbda8dff80eb19dd046d3e748d054e6b39d1/templates/components/tools/rustup.html.hbs#L20 andrustup/www/index.html
Line 31 in 843459f
I want to point out that
rust-init.shis correct in printing out those warnings. curl 7.35.0 that comes with stock Ubuntu 14.04 shows that it only support--tlsv1when I look at the options usingcurl --help allasrust-init.shdoes.According to https://launchpad.net/ubuntu/trusty/+source/curl, 7.35.0 is indeed the latest version available for Ubuntu 14.04. Running
sudo apt-get upgrade curldidn't change the result.Disclaimer: I do not use Ubuntu 14.04 for anything, nor do I expect anyone reasonable to use that ancient version. I just looked up the oldest version of Ubuntu somebody might be using while researching for the PR I linked above and I was specifically looking to trigger that warning / take the corresponding code path.
Steps
curl https://sh.rustup.rs -sSf | shPossible Solution(s)
Do nothing. I think those warnings are expected in this case.
Notes
No response
Rustup version
Not applicable. We are trying to execute https://github.com/rust-lang/rustup/blob/843459f893091f89b2dd5c7a977da1b3eb28df1b/rustup-init.sh instead.Installed toolchains
Not applicable.