[Bug 1644153] Re: SSL handshake fails on xenial, yakkety, zesty
Chris Glass
christopher.glass at canonical.com
Mon Nov 28 10:29:14 UTC 2016
I re-ran the outlined test-sequence without adding the juju-stable PPA
(like I originally did) to make sure this bug is not a side-effect of
the PPA.
It is not. It is reproducible on vanilla distro as outlined in the
description.
** Description changed:
[Impact]
* The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server.
* Switching to TLS v1.2 fixes the problem entirely.
* Example failure: http://pastebin.ubuntu.com/23521446/
[Test case]
Steps to reproduce (works in a container, needs a valid juju
environment):
- * Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default
+ * Install juju 1.25: sudo apt-get install juju-1-default juju-1.25
* Install the package: sudo apt-get install python-jujuclient
* Set up an environment (ec2 works for instance)
* Bootstrap environment: "juju bootstrap # Note your environment's name"
* Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'
[Regression Potential]
* None - the package is completely unusable in its current state
because of server changes. It can't get any worse :)
[Other Info]
* The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
* TLS 1.2 connectivity is available in all targeted releases.
* lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1644153
Title:
SSL handshake fails on xenial, yakkety, zesty
Status in python-jujuclient:
New
Status in python-jujuclient package in Ubuntu:
Confirmed
Status in python-jujuclient source package in Xenial:
New
Status in python-jujuclient source package in Yakkety:
New
Status in python-jujuclient source package in Zesty:
Confirmed
Bug description:
[Impact]
* The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server.
* Switching to TLS v1.2 fixes the problem entirely.
* Example failure: http://pastebin.ubuntu.com/23521446/
[Test case]
Steps to reproduce (works in a container, needs a valid juju
environment):
* Install juju 1.25: sudo apt-get install juju-1-default juju-1.25
* Install the package: sudo apt-get install python-jujuclient
* Set up an environment (ec2 works for instance)
* Bootstrap environment: "juju bootstrap # Note your environment's name"
* Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")'
[Regression Potential]
* None - the package is completely unusable in its current state
because of server changes. It can't get any worse :)
[Other Info]
* The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
* TLS 1.2 connectivity is available in all targeted releases.
* lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-jujuclient/+bug/1644153/+subscriptions
More information about the Ubuntu-sponsors
mailing list