Not sure if this is related with issue #13626 which is the only thing that Google knows about these handshake failures. In case it matters:
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
== CPython 2.7.6 (default, Apr 14 2014, 15:12:21) [GCC 4.8.2]
== Linux-2.6.32-358.el6.x86_64-x86_64-with-redhat-6.4-Santiago little-endian
== /glade/scratch/ddvento/build/Python-2.7.6/build/test_python_18521
Testing with flags: sys.flags(debug=0, py3k_warning=0, division_warning=0, division_new=0, inspect=0, interactive=0, optimize=0, dont_write_bytecode=0, no_user_site=0, no_site=0, ignore_environment=0, tabcheck=0, verbose=0, unicode=0, bytes_warning=0, hash_randomization=0)
test_ssl
test_sslwrap_simple (test.test_ssl.BasicTests) ... ok
test_DER_to_PEM (test.test_ssl.BasicSocketTests) ... ok
test_ciphers (test.test_ssl.BasicSocketTests) ... ok
test_constants (test.test_ssl.BasicSocketTests) ... ok
test_openssl_version (test.test_ssl.BasicSocketTests) ... ok
test_parse_cert (test.test_ssl.BasicSocketTests) ...
{'notAfter': 'Oct 5 23:01:56 2020 GMT',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),)}
{'issuer': ((('countryName', u'US'),),
(('organizationName', u'VeriSign, Inc.'),),
(('organizationalUnitName', u'VeriSign Trust Network'),),
(('organizationalUnitName',
u'Terms of use at https://www.verisign.com/rpa (c)10'),),
(('commonName',
u'VeriSign Class 3 International Server CA - G3'),)),
'notAfter': 'Sep 20 23:59:59 2012 GMT',
'notBefore': 'Sep 21 00:00:00 2011 GMT',
'serialNumber': '2EE6EA7640A075CEE5005F4D7C79549A',
'subject': ((('countryName', u'FI'),),
(('stateOrProvinceName', u'Espoo'),),
(('localityName', u'Espoo'),),
(('organizationName', u'Nokia'),),
(('organizationalUnitName', u'BI'),),
(('commonName', u'projects.developer.nokia.com'),)),
'subjectAltName': (('DNS', 'projects.developer.nokia.com'),
('DNS', 'projects.forum.nokia.com')),
'version': 3}
ok
test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests) ...
{'issuer': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@python.org'),)),
'notAfter': 'Aug 7 13:12:52 2013 GMT',
'notBefore': 'Aug 7 13:11:52 2013 GMT',
'serialNumber': '00',
'subject': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@python.org'),)),
'subjectAltName': (('DNS', 'altnull.python.org\x00example.com'),
('email', 'null@python.org\x00user@example.org'),
('URI', 'http://null.python.org\x00http://example.org'),
('IP Address', '192.0.2.1'),
('IP Address', '2001:DB8:0:0:0:0:0:1\n')),
'version': 3}
ok
test_random (test.test_ssl.BasicSocketTests) ...
RAND_status is 1 (sufficient randomness)
ok
test_refcycle (test.test_ssl.BasicSocketTests) ... ok
test_wrapped_unconnected (test.test_ssl.BasicSocketTests) ... ok
test_algorithms (test.test_ssl.NetworkedTests) ... skipped 'remote host needs SNI, only available on Python 3.2+'
test_connect (test.test_ssl.NetworkedTests) ... ok
test_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_connect_ex_error (test.test_ssl.NetworkedTests) ... ok
test_get_server_certificate (test.test_ssl.NetworkedTests) ... ERROR
test_makefile_close (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_handshake (test.test_ssl.NetworkedTests) ...
Needed 3 calls to do_handshake() to establish session.
ok
test_timeout_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_asyncore_server (test.test_ssl.ThreadedTests)
Check the example asyncore integration. ...
server: new connection from 127.0.0.1:48912
client: sending 'TEST MESSAGE of mixed case\n'...
client: read 'test message of mixed case\n'
client: closing connection.
cleanup: stopping server.
cleanup: joining server thread.
server: closed connection <ssl.SSLSocket object at 0x2399140>
cleanup: successfully joined.
ok
test_default_ciphers (test.test_ssl.ThreadedTests) ... ok
test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server ...
server: new connection from ('127.0.0.1', 43993)
server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
client: sending 'FOO\n'...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending bytearray(b'FOO\n')...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending <memory at 0x237f510>...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: closing connection.
server: client closed connection
ok
test_empty_cert (test.test_ssl.ThreadedTests)
Connecting with an empty cert file ...
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_getpeercert (test.test_ssl.ThreadedTests) ...
{'notAfter': 'Oct 5 23:01:56 2020 GMT',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),)}
Connection cipher is ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256).
ok
test_handshake_timeout (test.test_ssl.ThreadedTests) ... ok
test_malformed_cert (test.test_ssl.ThreadedTests)
Connecting with a badly formatted certificate (syntax error) ...
SSLError is _ssl.c:368: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
ok
test_malformed_key (test.test_ssl.ThreadedTests)
Connecting with a badly formatted key (syntax error) ...
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_nonexisting_cert (test.test_ssl.ThreadedTests)
Connecting with a non-existing cert file ...
SSLError is _ssl.c:507: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
ok
test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options ...
SSLv2->SSLv2 CERT_NONE
SSLv2->SSLv2 CERT_OPTIONAL
SSLv2->SSLv2 CERT_REQUIRED
SSLv23->SSLv2 CERT_NONE
{SSLv3->SSLv2} CERT_NONE
{TLSv1->SSLv2} CERT_NONE
ok
test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ...
SSLv3->SSLv23 CERT_NONE
SSLv23->SSLv23 CERT_NONE
TLSv1->SSLv23 CERT_NONE
SSLv3->SSLv23 CERT_OPTIONAL
SSLv23->SSLv23 CERT_OPTIONAL
TLSv1->SSLv23 CERT_OPTIONAL
SSLv3->SSLv23 CERT_REQUIRED
SSLv23->SSLv23 CERT_REQUIRED
TLSv1->SSLv23 CERT_REQUIRED
ok
test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options ...
SSLv3->SSLv3 CERT_NONE
SSLv3->SSLv3 CERT_OPTIONAL
SSLv3->SSLv3 CERT_REQUIRED
{SSLv2->SSLv3} CERT_NONE
{TLSv1->SSLv3} CERT_NONE
ok
test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options ...
TLSv1->TLSv1 CERT_NONE
TLSv1->TLSv1 CERT_OPTIONAL
TLSv1->TLSv1 CERT_REQUIRED
{SSLv2->TLSv1} CERT_NONE
{SSLv3->TLSv1} CERT_NONE
ok
test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends. ...
server: new connection from ('127.0.0.1', 56710)
server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
ok
test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an IOError ... ok
test_socketserver (test.test_ssl.ThreadedTests)
Using a SocketServer to create and manage SSL connections. ...
server (('127.0.0.1', 42188):42188 ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256)):
[15/Apr/2014 14:14:53] "GET /keycert.pem HTTP/1.0" 200 -
client: read 1783 bytes from remote server '<SocketServerHTTPSServer <HTTPSServer localhost.localdomain:42188>>'
ok
test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again. ...
client: sending 'msg 1'...
server: new connection from ('127.0.0.1', 50624)
server: read 'msg 1' (unencrypted), sending back 'msg 1' (unencrypted)...
client: read 'msg 1' from server
client: sending 'MSG 2'...
server: read 'MSG 2' (unencrypted), sending back 'msg 2' (unencrypted)...
client: read 'msg 2' from server
client: sending 'STARTTLS'...
server: read STARTTLS from client, sending OK...
client: read 'OK\n' from server, starting TLS...
client: sending 'MSG 3'...
server: read 'MSG 3' (encrypted), sending back 'msg 3' (encrypted)...
client: read 'msg 3' from server
client: sending 'msg 4'...
server: read 'msg 4' (encrypted), sending back 'msg 4' (encrypted)...
client: read 'msg 4' from server
client: sending 'ENDTLS'...
server: read ENDTLS from client, sending OK...
client: read 'OK\n' from server, ending TLS...
server: connection is now unencrypted...
client: sending 'msg 5'...
server: read 'msg 5' (unencrypted), sending back 'msg 5' (unencrypted)...
client: read 'msg 5' from server
client: sending 'msg 6'...
server: read 'msg 6' (unencrypted), sending back 'msg 6' (unencrypted)...
client: read 'msg 6' from server
client: closing connection.
server: client closed connection
ok
test_wrapped_accept (test.test_ssl.ThreadedTests)
Check the accept() method on SSL sockets. ... test test_ssl failed -- Traceback (most recent call last):
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
pem = ssl.get_server_certificate(("svn.python.org", 443))
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
s.connect(addr)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
self._real_connect(addr, False)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
self.do_handshake()
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
server: wrapped server socket as <ssl.SSLSocket object at 0x2399140>
client: sending 'FOO\n'...
server: new connection from ('127.0.0.1', 40291)
client cert is {'notAfter': 'Oct 5 23:01:56 2020 GMT',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),)}
cert binary is 600 bytes
server: connection cipher is now ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256)
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending bytearray(b'FOO\n')...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending <memory at 0x240ecc8>...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: closing connection.
server: client closed connection
ok
======================================================================
ERROR: test_get_server_certificate (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
pem = ssl.get_server_certificate(("svn.python.org", 443))
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
s.connect(addr)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
self._real_connect(addr, False)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
self.do_handshake()
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
----------------------------------------------------------------------
Ran 37 tests in 4.950s
FAILED (errors=1, skipped=1)
1 test failed:
test_ssl |