Re: HSTS policy breaks cpan utility on Windows

To set https as the default:

cpan> o conf urllist
    urllist           
    0 [https://www.cpan.org]
cpan> o conf urllist pop
cpan> o conf urllist https://www.cpan.org
cpan> o conf commit
[download]

A patch for FirstTime.pm:

--- FirstTime.pm.orig    2019-06-30 07:25:30.000000000 +0100
+++ FirstTime.pm    2019-11-21 12:45:34.742632425 +0000
@@ -1344,7 +1344,7 @@
             );
         }
         else {
-            $CPAN::Config->{urllist} = [ 'http://www.cpan.org/' ];
+            $CPAN::Config->{urllist} = [ 'https://www.cpan.org/' ];
         }
     }
     elsif (!$matcher || "urllist" =~ $matcher) {
[download]

Of course other parts of the module should be altered to reflect any changes to dependencies etc. I don't know what caused this to happen in the last few days for you. Perhaps some Windows update, GPO update or some network shenanigans?

Update: an existing PR to address this in a more complete fashion.

Comment on Re: HSTS policy breaks cpan utility on Windows Select or Download Code

Replies are listed 'Best First'.
Re^2: HSTS policy breaks cpan utility on Windows by syphilis (Archbishop) on Nov 22, 2019 at 00:41 UTC
cpan> o conf urllist https://www.cpan.org I had taken a look through MyConfig.pm, but failed to notice "urllist" and its setting. Amusingly, that alone didn't do the trick for me on Windows because HTTP::Tiny is used as the download agent - and it's not capable of https transfers on a fresh build of perl from source. Changing the "wget" setting to "wget" fixes that little problem. Thanks for the assistance !! Cheers, Rob	[reply]
Re^3: HSTS policy breaks cpan utility on Windows by marto (Cardinal) on Nov 22, 2019 at 12:28 UTC
"Amusingly, that alone didn't do the trick for me on Windows because HTTP::Tiny is used as the download agent - and it's not capable of https transfers on a fresh build of perl from source." Ah, sorry, I didn't appreciate that this was a perl you'd built yourself. Strawberry (I've no idea about AS these days) ships with the required IO::Socket::SSL and Net::SSLeay for direct SSL/https support within HTTP::Tiny.	[reply]