jklint opened a new issue, #1873:
URL: https://github.com/apache/libcloud/issues/1873
Running into an issue utilizing libcloud on Ubuntu 20.04. Per this bug
report [0] on Ubuntu, TLS versions below 1.2 are not permitted. My issue
appears to stem from the TLS version being set explicitly [1] to TLSv1. This
results in a traceback with a rather generic SSL error:
Traceback (most recent call last):
File "/opt/rpc-maas-tools/rpc-maas-tool.py", line 856, in <module>
cli = RpcMassCli()
File "/opt/rpc-maas-tools/rpc-maas-tool.py", line 250, in __init__
self.rpcm = RpcMaas(self.args.entitymatch,
File "/opt/rpc-maas-tools/rpc-maas-tool.py", line 74, in __init__
self._add_links()
File "/opt/rpc-maas-tools/rpc-maas-tool.py", line 116, in _add_links
for entry in self.overview:
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/libcloud/common/types.py",
line 115, in __iter__
self._load_all()
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/libcloud/common/types.py",
line 140, in _load_all
self._get_more(last_key=self._last_key,
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/rackspace_monitoring/drivers/rackspace.py",
line 233, in _get_more
response = self.connection.request(value_dict['url'], params)
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/rackspace_monitoring/drivers/rackspace.py",
line 148, in request
return super(RackspaceMonitoringConnection, self).request(
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/libcloud/common/openstack.py",
line 222, in request
return super(OpenStackBaseConnection, self).request(action=action,
File
"/openstack/venvs/maas-22.4.0/lib/python3.8/site-packages/libcloud/common/base.py",
line 860, in request
raise ssl.SSLError(str(e))
ssl.SSLError: ('[SSL] internal error (_ssl.c:1131)',)
I have confirmed that bumping SSL_VERSION to ssl.PROTOCOL_TLSv1_2 resolves
the issue. Since older TLS versions are being phased out, this is only going to
become an increasingly more common issue. Can the version be bumped or let the
underlying libraries handle the version negotiation?
[0]
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689/comments/5
[1]
https://github.com/apache/libcloud/blob/472708aec606cec3ad37827bbf12dd0cec0dee91/libcloud/security.py#L33
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
