SSL handshake fails on xenial, yakkety, zesty
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-jujuclient |
New
|
Undecided
|
Unassigned | ||
python-jujuclient (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Unassigned | ||
Yakkety |
Fix Released
|
High
|
Unassigned | ||
Zesty |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
* The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server.
* Switching to TLS v1.2 fixes the problem entirely.
* Example failure: http://
[Test case]
Steps to reproduce (works in a container, needs a valid juju environment):
* Install juju 1.25: sudo apt-get install juju-1-default juju-1.25
* Install the package: sudo apt-get install python-jujuclient
* Set up an environment (ec2 works for instance)
* Bootstrap environment: "juju bootstrap # Note your environment's name"
* Run: python -c 'from jujuclient import Environment; Environment.
[Regression Potential]
* None - the package is completely unusable in its current state because of server changes. It can't get any worse :)
[Other Info]
* The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0.
* TLS 1.2 connectivity is available in all targeted releases.
* lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.
description: | updated |
description: | updated |
description: | updated |
summary: |
- SSL handshake fails on xenial + SSL handshake fails on xenial, yakkety, zesty |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in python-jujuclient (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in python-jujuclient (Ubuntu Zesty): | |
importance: | Undecided → High |
Changed in python-jujuclient (Ubuntu Yakkety): | |
importance: | Undecided → High |
tags: |
added: verification-done-xenial verification-needed-yakkety removed: verification-needed |
tags: |
added: verification-done-yakkety removed: verification-needed-yakkety |
tags: |
added: verification-done-xenial verification-done-yakkety removed: verification-needed-xenial verification-needed-yakkety |
To fix the version in the archive on Xenial, the following patch can be applied to the package: https:/ /paste. ubuntu. com/23521491/