Ask Your Question

Revision history [back]

There is something wrong with the trusted ciphers. FC24-25 defaults to FUTURE set of ciphers in /etc/crypto-policies/config. Changing that to default and running update-crypto-policies fixed this for me. Something is probably off in the FUTURE backends/gnutls.config.

With FUTURE even wget gets an error on the cert:

wget -p -O /dev/null "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64"
WARNING: combining -O with -r or -p will mean that all downloaded content
will be placed in the single file you specified.

--2016-11-28 13:51:25--  https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64
Resolving mirrors.fedoraproject.org (mirrors.fedoraproject.org)... 209.132.181.15, 66.35.62.162, 140.211.169.196, ...
Connecting to mirrors.fedoraproject.org (mirrors.fedoraproject.org)|209.132.181.15|:443... connected.
ERROR: The certificate of ‘mirrors.fedoraproject.org’ is not trusted.
ERROR: The certificate of ‘mirrors.fedoraproject.org’ was signed using an insecure algorithm.