error:0A000152:SSL routines::unsafe legacy renegotiation disabled with Shibboleth SP 3.4

[Cantor, Scott]

>    It's unclear why that is failing now, but something in openssl most
>    likely is the culprit as that's the only major change? Unless something
>    else would make it not follow a redirect.

That's up to curl, not OpenSSL. We do let it follow redirects, because we don't actually use the HTTP or even the TLS layer for securing the metadata. I did of course update curl on Windows also but that's not the sort of thing that would have changed.

-- Scott