Updated MacPorts curl implementation behaves differently from previous version and macOS curl
As your MacPorts curl --version command shows, it uses OpenSSL 3.0.0 to connect to secure HTTP sites, while the macOS /usr/bin/curl uses LibreSSL 2.8.3 for the same.
The error you are getting for not being able to connect to ahpra.gov.au is due to them using an SSL server without Renegotiation Indication Extension, which makes the secure connection vulnerable to a man-in-the-middle attack. OpenSSL seems to have chosen to be extra cautious here, and thus refuses to establish a potentially unsafe secure connection. (The link provided by Gordon Davisson discusses this on GitHub - unsafe legacy renegotiation disabled #16278).
So if you still want to use MacPorts curl, you will have to use it without OpenSSL. Fortunately, MacPorts does offer different variants of curl that do not use OpenSSL. MacPorts curl is available with:
- darwinssl - Allow secure connections using Apple OS native TLS.
- gnutls - Allow secure connections using GNU TLS.
- wolfssl - Allow secure connections using wolfSSL (formerly CyaSSL).
You can thus opt for one of these variants. The MacPorts command to install a different variant of an app is
sudo port install name-of-app +variant
So in your case, if you want to use the macOS built-in library instead of OpenSSL, you should uninstall the current MacPorts curl (sudo port uninstall curl) and install the darwinssl curl variant (sudo port install curl +darwinssl).
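
To check which case a given curl build and server fall into, the script below (an added example, not part of the original answer) reads the TLS library from `curl --version` text and the renegotiation line that `openssl s_client` prints, then classifies the pair. The function names and the sample inputs are constructed for illustration; only the OpenSSL 3.0.0 and LibreSSL 2.8.3 versions come from the answer.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed, not captured from a real host.

# Print the TLS library token (e.g. OpenSSL/3.0.0) from `curl --version` text.
tls_backend() {
    first=$(printf '%s\n' "$1" | head -n 1)
    lib=$(printf '%s\n' "$first" |
        grep -E -o '(OpenSSL|LibreSSL|GnuTLS|wolfSSL)/[0-9][0-9A-Za-z.]*' | head -n 1)
    if [ -n "$lib" ]; then echo "$lib"
    elif printf '%s\n' "$first" | grep -q 'SecureTransport'; then echo "SecureTransport"
    else echo "unknown"
    fi
}

# Classify the server from the "Secure Renegotiation" line of s_client output.
reneg_status() {
    case "$1" in
        *"Secure Renegotiation IS NOT supported"*) echo "legacy" ;;
        *"Secure Renegotiation IS supported"*)     echo "secure" ;;
        *)                                          echo "unknown" ;;
    esac
}

# Combine both: OpenSSL 3 and later refuse a server without the extension.
# Other backends are assumed to connect, as the answer reports for LibreSSL.
diagnose() {
    backend=$(tls_backend "$1")
    reneg=$(reneg_status "$2")
    case "$backend:$reneg" in
        OpenSSL/[3-9]*:legacy) echo "refused" ;;
        *:legacy)              echo "legacy-allowed" ;;
        *:secure)              echo "ok" ;;
        *)                     echo "undetermined" ;;
    esac
}

# Constructed samples (curl and zlib version numbers are placeholders).
MACPORTS_CURL='curl 7.79.1 (x86_64-apple-darwin20.6.0) libcurl/7.79.1 OpenSSL/3.0.0 zlib/1.2.11'
SYSTEM_CURL='curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11'
S_CLIENT_OUT='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS NOT supported
Compression: NONE'

echo "MacPorts curl: $(diagnose "$MACPORTS_CURL" "$S_CLIENT_OUT")"
echo "macOS curl:    $(diagnose "$SYSTEM_CURL" "$S_CLIENT_OUT")"
```

On a live system, pass "$(curl --version)" as the first argument and the saved output of an openssl s_client session to the server as the second.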