brew: SSL error when downloading from homebrew.bintray.com
brew config output
HOMEBREW_VERSION: 3.0.2-112-g236c622
ORIGIN: https://github.com/Homebrew/brew
HEAD: 236c622b201fc00c36d7cf89d38ecb95db148c1c
Last commit: 12 hours ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 2eac3c31694fe4a1a4a4ee69d32215eddb949b16
Core tap last commit: 43 minutes ago
Core tap branch: master
HOMEBREW_PREFIX: /usr/local
HOMEBREW_CASK_OPTS: []
HOMEBREW_GITHUB_API_TOKEN: set
HOMEBREW_MAKE_JOBS: 8
Homebrew Ruby: 2.6.3 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: octa-core 64-bit kabylake
Clang: 12.0 build 1200
Git: 2.30.1 => /usr/local/bin/git
Curl: 7.64.1 => /usr/bin/curl
macOS: 11.2.2-x86_64
CLT: 12.4.0.0.1.1610135815
Xcode: 12.4
brew doctor output
Your system is ready to brew.
- The
brew doctorabove contains no “Warning” lines.
What were you trying to do (and why)?
brew upgrade
What happened (include all command output)?
% brew upgrade -v
==> Upgrading 4 outdated packages:
boost 1.75.0_1 -> 1.75.0_2
icu4c 67.1 -> 68.2
harfbuzz 2.7.4 -> 2.7.4_1
node 15.10.0 -> 15.10.0_1
==> Upgrading icu4c 67.1 -> 68.2
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --retry 3 --location --silent --head --request GET https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
==> Downloading https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --retry 3 --location --range 0-1 --dump-header - --write-out \%\{http_code\} --output /dev/null https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --fail --retry 3 --location --remote-time --continue-at 0 --output /Users/andreas/Library/Caches/Homebrew/downloads/9f189274160b8c0c4884e1b43cd8fb135852a035496379bf9dc447028120d8da--icu4c-68.2.big_sur.bottle.tar.gz.incomplete https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
Error: Failed to download resource "icu4c"
Download failed: https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
==> Upgrading boost 1.75.0_1 -> 1.75.0_2
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --retry 3 --location --silent --head --request GET https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
==> Downloading https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --retry 3 --location --range 0-1 --dump-header - --write-out \%\{http_code\} --output /dev/null https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
/usr/bin/curl --disable --globoff --show-error --user-agent Homebrew/3.0.2-112-g236c622\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 11.2.2\)\ curl/7.64.1 --header Accept-Language:\ en --fail --retry 3 --location --remote-time --continue-at 0 --output /Users/andreas/Library/Caches/Homebrew/downloads/9f189274160b8c0c4884e1b43cd8fb135852a035496379bf9dc447028120d8da--icu4c-68.2.big_sur.bottle.tar.gz.incomplete https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
Error: Failed to download resource "icu4c"
Download failed: https://homebrew.bintray.com/bottles/icu4c-68.2.big_sur.bottle.tar.gz
[…same for other packages…]
What did you expect to happen?
Upgrade completes successfully
Step-by-step reproduction instructions (by running brew commands)
Run brew upgrade -v, see above.
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 74
- Comments: 47 (8 by maintainers)
Links to this issue
Commits related to this issue
- workflows/tests: set HOMEBREW_BOTTLE_DOMAIN This is a temporary workaround for the Bintray access issues. See https://github.com/Homebrew/brew/issues/10739#issuecomment-787482280 — committed to carlocab/homebrew-core by carlocab 3 years ago
- workflows/tests: set HOMEBREW_BOTTLE_DOMAIN (#72171) This is a temporary workaround for the Bintray access issues. See https://github.com/Homebrew/brew/issues/10739#issuecomment-787482280 — committed to Homebrew/homebrew-core by carlocab 3 years ago
- [Tests] temporary workaround due to https://github.com/Homebrew/brew/issues/10739 — committed to ljharb/nvm by ljharb 3 years ago
As a temporary workaround, I’ve found adding this to your /etc/hosts works:
54.188.157.32 homebrew.bintray.comIt looks like the bintray subdomains are all now CNAMEs to
jfrog.comwithout valid certificates, so CloudFront drops the connection. This IP is one that was found on a bintray.com subdomain a few days ago:As a workaround, you may temporarily use
HOMEBREW_BOTTLE_DOMAIN=https://dl.bintray.com/homebrew(don’t do this permanently or you’ll have issues when we switch over from Bintray in the coming weeks)Personally, I’d rather wait for the issue to be resolved than to ignore the security provided by SSL.
export HOMEBREW_BOTTLE_DOMAIN=https://dl.bintray.com/homebrew
Confirmed; it seems to be fixed.
For Linux, the URL should contain
linuxbrewinstead ofhomebrew.I’m hearing reports that this is starting to work for people without any workaround (just as I was considering releasing a workaround update!). Does it work for anyone now?
Give this comment 👍 or a 👎 if it’s now working or not working for you without the workaround.
@Bo98 It does indeed look like Bintray’s fixed their DNS. Works for me without any workaround now.
or inline
Responding to this issue with “Me too!” without any additional context is not useful. Please use the 👍 button on the original message (and the subscribe button if you want to be notified about comments) unless you have something meaningful to add that could help in fixing this issue.
Glad I found this, reinstalled brew and all. Now I know it’s just not me. US-West (California).
The remote end is not speaking SSL: it’s speaking in plain text. Check http://homebrew.bintray.com:443/ with a browser.
No, that happens in May. This is just an outage - and seemingly one only affecting certain regions.
Solution for Chinese users
Well if you are using Tuna (Like many other developers in China), you can use the bottles from tsinghua university or other mirrors:
https://mirrors.tuna.tsinghua.edu.cn/help/homebrew/
=>
This seems to be more the CDN can’t connect to the server. If you do just go to http://homebrew.bintray.com/ (no https) with a browser, you will get an error from the CDN of
403 ERROR The request could not be satisfied. Bad request. We can’t connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. Generated by cloudfront (CloudFront) Request ID: 6DYVF26w8y8gGxPhclHORfebbB4aehGPr1rGG7eLRqzsCvjO8QD75Q==
It seems to be a server-side cert error, so I don’t think a local toggle will help.
Same issue on GitHub actions.
Could possibly be CDN related (Bintray use AWS Cloudfront). It is working fine for me in the UK.