Good morning! Heroku (where crates.io is hosted) announced awhile ago that SSL is available through SNI and will be gaining extra features in the future. We’ve also received a request internally from Mozilla to move over to this system. Currently crates.io has an “endpoint” SSL configuration meaning we have a dedicated IP for crates.io and SSL connections.
The downside of this transition, however, is that SNI will be required to connect to crates.io. SNI is a pretty old feature at this point and Heroku has a nifty compatibility chart. Seeing how crates.io is not primarily accessed through browsers, however, I’d like to both canvas the community and give everyone a heads up about this change.
If you answer yes to any of these questions, please take a moment to test things out! (instructions below)
- Do you access crates.io with a tool that’s not Cargo?
- Do you access crates.io with a non-official Cargo binary?
- Do you visit crates.io with an ancient tool/browser?
If you visit crates.io in a modern browser and/or otherwise use official Cargo builds, then you should have nothing to worry about. If you answered “yes” to any of those questions, however, you may wish to verify to see if your tool/browser supports SNI.
Eventually I’ll change the DNS for crates.io to point to
crates.io.herokudns.com. You can test out this change locally by forcing crates.io to resolve to the IPs that
crates.io.herokudns.com. If you’re on Linux/OSX you can test this out as follows.
First, you can determine an IP:
If a number of IP addresses are returned, you can just copy one. Next, open up
/etc/hosts and add this line:
For example I added this locally:
Next, you can access crates.io with your tool locally. For example I ran
cargo update && cargo fetch.
Please respond here or otherwise contact me if any issues arise! We’d like to make this transition in the next week or so, and we’d ideally like to ensure there are no service disruptions along the way!