➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2018-06-08 12:59 by dsanghan, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg319059 - (view) | Author: Dev Sanghani (dsanghan) | Date: 2018-06-08 12:59 | |
Output from Python3.5 with OpenSSL 1.0.2g:
>>> ssl.get_server_certificate(('mail.mani.pt', 993), ssl.PROTOCOL_TLSv1)
'-----BEGIN CERTIFICATE-----\nMIIDdDCCAlygAwIBAgIILeR0neMYiyUwDQYJKoZIhvcNAQEFBQAwSzELMAkGA1UE\nBhMCUFQxJTAjBgNVBAoTHE1BTkkgSU5kdXN0cmlhcyBQbGFzdGljYXMgU0ExFTAT\nBgNVBAMTDG1haWwubWFuaS5wdDAeFw0xODAxMjIxNDA3MDVaFw0yMjAxMjMxNDA3\nMDVaMEsxCzAJBgNVBAYTAlBUMSUwIwYDVQQKExxNQU5JIElOZHVzdHJpYXMgUGxh\nc3RpY2FzIFNBMRUwEwYDVQQDEwxtYWlsLm1hbmkucHQwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDdSCNqjELZGKgjPf0NAwHmmR6ZUzDpt2HOwA+97DOP\nWwJ5NOYGeJzhM/yw+P/yAWKB8HzJO6CKCfwe4ilEVxcikK7Gj/rVqfzRb+hWTWC9\nr8lPzWCa3siNdf/rieONz2LR0d/Qf8Uml5NFJ3UkJAo5TZbWizjcLO4/mPrVysau\n5S4yE9pW8dkhENs/IVLce5cjn0WwMQvFntX1x303tAlyC362JEInHePxPmGmDDMo\n3sgBYziv90LlsOviJIbpju5/A1P9r0uXzDQmudZZPqlFHjqNXcdprfVyTgg/C4xQ\nE1UbSL8uIW0CVj9TxXp4njaIC/sr97ptJU/86isFveKBAgMBAAGjXDBaMB0GA1Ud\nDgQWBBSt1Z9m+CaYG+nf39Ty0TqabcaE4TALBgNVHQ8EBAMCArwwEwYDVR0lBAww\nCgYIKwYBBQUHAwEwFwYDVR0RBBAwDoIMbWFpbC5tYW5pLnB0MA0GCSqGSIb3DQEB\nBQUAA4IBAQBk7DQ/+1pYE+0yoHNChFVztjjJASQSas6DaPx9FOFYrPhh9lU5NmBy\nHIzMUHTlkgw/OE713+mPRlxegZWceA7akirhaWocQcOCXzeIQKNouMZ/4ktXIoqY\nmdcYVOS2Et+FBBT1+rAA6OMTDftCRPH/19stA7IcwWo+6GVLWIqCk/2lBNNYrZ0V\nMvwxQeeHcCz5HdU2o0ypROvkhG8Er5qGVeHAv+JCj+Q4EERMoDwocwS8eedwqqPe\nLVCWwSqS8SEizDRNZZfOoXT4AJ/L10RLrnz8wtSffoxS2pZMbhHEBr3WhA72v94L\nCDU+vO9t1YN3WpXeRZfKWLw/qEE8b65H\n-----END CERTIFICATE-----\n'
Output from Python3.6 with OpenSSL 1.1.0:
>>> ssl.get_server_certificate(('mail.mani.pt', 993), ssl.PROTOCOL_TLSv1)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.6/ssl.py", line 1223, in get_server_certificate
with context.wrap_socket(sock) as sslsock:
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 814, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
|
|||
| msg321900 - (view) | Author: Alan Huang (Alan.Huang) * | Date: 2018-07-18 17:04 | |
This is an issue of cipher support, not a Python bug. mail.mani.pt supports the following (outdated) ciphers: RC4-SHA (0x05) RC4-MD5 (0x04) DES-CBC3-SHA (0x0a) EXP1024-DES-CBC-SHA (0x62) DES-CBC-SHA (0x09) EXP1024-RC4-SHA (0x64) EXP-RC2-CBC-MD5 (0x06) EXP-RC4-MD5 (0x03) OpenSSL 1.0.2k supports RC4-SHA, RC4-MD5, and DES-CBC3-SHA. OpenSSL 1.1.0g supports none of the above ciphers. As such, OpenSSL 1.1.0 cannot negotiate a shared cipher suite, but OpenSSL 1.0.2g can. Update your mailserver to use modern cipher suites and protocols. |
|||
| msg321960 - (view) | Author: Segev Finer (Segev Finer) * | Date: 2018-07-19 17:09 | |
Even if the server is outdated and the SSL library doesn't support it anymore, that's a poor exception to raise for such an error... Sadly I'm not able to access the affected server to reproduce and debug why it raises such a poor exception. |
|||
| msg321961 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2018-07-19 17:28 | |
It looks like the server is hard-killing the connection. It doesn't respond with a proper TLS error code. Instead the server response to the CLientHello with a FIN/ACK TCP package. The OSError is all we are getting from the network layer. 19:27:20.956332 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [S], seq 4225502143, win 29200, options [mss 1460,sackOK,TS val 2762111573 ecr 0,nop,wscale 7], length 0 19:27:21.007310 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [S.], seq 2527363412, ack 4225502144, win 64240, options [mss 1452,nop,wscale 0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0 19:27:21.007413 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [.], ack 1, win 229, options [nop,nop,TS val 2762111625 ecr 0], length 0 19:27:21.007775 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [P.], seq 1:111, ack 1, win 229, options [nop,nop,TS val 2762111625 ecr 0], length 110 19:27:21.060476 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [F.], seq 1, ack 111, win 64130, options [nop,nop,TS val 37305785 ecr 2762111625], length 0 19:27:21.060767 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [F.], seq 111, ack 2, win 229, options [nop,nop,TS val 2762111678 ecr 37305785], length 0 19:27:21.111577 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [.], ack 112, win 64130, options [nop,nop,TS val 37305786 ecr 2762111678], length 0 |
|||
| msg391306 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2021-04-17 18:59 | |
The issue has been stale for over two years. Closing. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:01 | admin | set | github: 77989 |
| 2021-04-17 18:59:48 | christian.heimes | set | status: open -> closed resolution: out of date messages: + msg391306 stage: resolved |
| 2018-07-19 17:28:11 | christian.heimes | set | messages: + msg321961 |
| 2018-07-19 17:09:14 | Segev Finer | set | nosy:
+ Segev Finer, - Alan.Huang messages: + msg321960 |
| 2018-07-18 17:04:30 | Alan.Huang | set | nosy:
+ Alan.Huang messages: + msg321900 |
| 2018-07-11 07:55:07 | serhiy.storchaka | set | type: crash -> behavior |
| 2018-06-08 12:59:14 | dsanghan | create | |