[Bug 1644153] Re: SSL handshake fails on xenial, yakkety, zesty

Chris Glass christopher.glass at canonical.com
Mon Nov 28 10:14:33 UTC 2016 

** Description changed:

- Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial)
+ [Impact]
  
- The python Juju client cannot make SSL connections to the server
- anymore, because TLS v1 was deprecated.
+  * The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server.
+  * Switching to TLS v1.2 fixes the problem entirely.
+  * Example failure: http://pastebin.ubuntu.com/23521446/
  
- Switching to TLS v1.2 fixes the problem entirely.
+ [Test case]
  
- Example failure: http://pastebin.ubuntu.com/23521446/
+ Steps to reproduce (works in a container, needs a valid juju
+ environment):
  
- lp:python-jujuclient is not affected by the problem, but the code is much diverged from the version in the archives, way too many changes for a SRU.
- The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
+  * Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
+  * Install the package: sudo apt-get install python-jujuclient
+  * Set up an environment (ec2 works for instance)
+  * Bootstrap environment: "juju bootstrap # Note your environment's name"
+  * Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'
  
- TLS 1.2 connectivity is available in all affected releases.
+ [Regression Potential]
  
- Steps to reproduce (works in a container):
+  * None - the package is completely unusable in its current state
+ because of server changes. It can't get any worse :)
  
- - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
- - Install the package: sudo apt-get install python-jujuclient
- - Set up an environment (ec2 works for instance)
- - Bootstrap environment: "juju bootstrap # Note your environment's name"
- - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'
+ [Other Info]
+ 
+  * The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
+  * TLS 1.2 connectivity is available in all targeted releases.
+  * lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1644153

Title:
  SSL handshake fails on xenial, yakkety, zesty

Status in python-jujuclient:
  New
Status in python-jujuclient package in Ubuntu:
  Confirmed
Status in python-jujuclient source package in Xenial:
  New
Status in python-jujuclient source package in Yakkety:
  New
Status in python-jujuclient source package in Zesty:
  Confirmed

Bug description:
  [Impact]

   * The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server.
   * Switching to TLS v1.2 fixes the problem entirely.
   * Example failure: http://pastebin.ubuntu.com/23521446/

  [Test case]

  Steps to reproduce (works in a container, needs a valid juju
  environment):

   * Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
   * Install the package: sudo apt-get install python-jujuclient
   * Set up an environment (ec2 works for instance)
   * Bootstrap environment: "juju bootstrap # Note your environment's name"
   * Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'

  [Regression Potential]

   * None - the package is completely unusable in its current state
  because of server changes. It can't get any worse :)

  [Other Info]

   * The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
   * TLS 1.2 connectivity is available in all targeted releases.
   * lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-jujuclient/+bug/1644153/+subscriptions

More information about the Ubuntu-sponsors mailing list