[Bug 1644153] Re: SSL handshake fails on xenial, yakkety, zesty

[Chris Glass]

** Description changed:

  Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial)
  
  The python Juju client cannot make SSL connections to the server
  anymore, because TLS v1 was deprecated.
  
  Switching to TLS v1.2 fixes the problem entirely.
  
  Example failure: http://pastebin.ubuntu.com/23521446/
  
- It seems like lp:python-jujuclient already has the fix.
+ lp:python-jujuclient is not affected by the problem, but the code is
+ much diverged from the version in the archives, way too many changes for
+ a SRU.
+ 
+ Steps to reproduce (works in a container):
+ 
+ - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
+ - Install the package: sudo apt-get install python-jujuclient
+ - Set up an environment (ec2 works for instance)
+ - Bootstrap environment: "juju bootstrap <your environment's name>"
+ - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'

** Description changed:

  Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial)
  
  The python Juju client cannot make SSL connections to the server
  anymore, because TLS v1 was deprecated.
  
  Switching to TLS v1.2 fixes the problem entirely.
  
  Example failure: http://pastebin.ubuntu.com/23521446/
  
  lp:python-jujuclient is not affected by the problem, but the code is
  much diverged from the version in the archives, way too many changes for
  a SRU.
  
  Steps to reproduce (works in a container):
  
  - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
  - Install the package: sudo apt-get install python-jujuclient
  - Set up an environment (ec2 works for instance)
- - Bootstrap environment: "juju bootstrap <your environment's name>"
+ - Bootstrap environment: "juju bootstrap # Note your environment's name"
  - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'

** Description changed:

  Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial)
  
  The python Juju client cannot make SSL connections to the server
  anymore, because TLS v1 was deprecated.
  
  Switching to TLS v1.2 fixes the problem entirely.
  
  Example failure: http://pastebin.ubuntu.com/23521446/
  
- lp:python-jujuclient is not affected by the problem, but the code is
- much diverged from the version in the archives, way too many changes for
- a SRU.
+ lp:python-jujuclient is not affected by the problem, but the code is much diverged from the version in the archives, way too many changes for a SRU.
+ The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
+ 
+ TLS 1.2 connectivity is available in all affected releases.
  
  Steps to reproduce (works in a container):
  
  - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
  - Install the package: sudo apt-get install python-jujuclient
  - Set up an environment (ec2 works for instance)
  - Bootstrap environment: "juju bootstrap # Note your environment's name"
  - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1644153

Title:
  SSL handshake fails on xenial, yakkety, zesty

Status in python-jujuclient:
  New
Status in python-jujuclient package in Ubuntu:
  Confirmed

Bug description:
  Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial)

  The python Juju client cannot make SSL connections to the server
  anymore, because TLS v1 was deprecated.

  Switching to TLS v1.2 fixes the problem entirely.

  Example failure: http://pastebin.ubuntu.com/23521446/

  lp:python-jujuclient is not affected by the problem, but the code is much diverged from the version in the archives, way too many changes for a SRU.
  The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.

  TLS 1.2 connectivity is available in all affected releases.

  Steps to reproduce (works in a container):

  - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
  - Install the package: sudo apt-get install python-jujuclient
  - Set up an environment (ec2 works for instance)
  - Bootstrap environment: "juju bootstrap # Note your environment's name"
  - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-jujuclient/+bug/1644153/+subscriptions