[Pulp-list] Pulp 2.3.1 requires SSLv3 enabled? re: POODLE vulnerability
Michael Hrivnak
mhrivnak at redhat.com
Fri Oct 17 21:54:53 UTC 2014
Christina,
We are working on that issue now. Making pulp-admin do TLS will require a small code change similar to this one: https://github.com/pulp/pulp/pull/1244/files
Stay tuned.
Michael
----- Original Message -----
From: "Christina Plummer" <cplummer at gmail.com>
To: "pulp-list" <pulp-list at redhat.com>
Sent: Friday, October 17, 2014 5:33:26 PM
Subject: [Pulp-list] Pulp 2.3.1 requires SSLv3 enabled? re: POODLE vulnerability
Hello Pulp folks,
I am running Pulp 2.3.1. When the SSLv3 POODLE vulnerability was reported earlier this week, I dutifully went out to my Pulp servers and disabled SSLv3 in the httpd config to mitigate the issue. But then I discovered I could no longer run pulp-admin commands.
Can I force pulp to use TLS instead of SSLv3?
The errors in my .pulp/admin.log file were:
2014-10-17 21:23:41,795 - ERROR - Client-side exception occurred
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/pulp/client/extensions/core.py", line 478, in run
    exit_code = Cli.run(self, args)
  File "/usr/lib/python2.6/site-packages/okaara/cli.py", line 974, in run
    exit_code = command_or_section.execute(self.prompt, remaining_args)
  File "/usr/lib/python2.6/site-packages/pulp/client/extensions/extensions.py", line 224, in execute
    return self.method(*arg_list, **clean_kwargs)
  File "/usr/lib/python2.6/site-packages/pulp_rpm/extension/admin/contents.py", line 204, in package_search
    self.run_search([self.type_id], out_func=out_func, **kwargs)
  File "/usr/lib/python2.6/site-packages/pulp_rpm/extension/admin/contents.py", line 154, in run_search
    units = self.context.server.repo_unit.search(repo_id, **kwargs).response_body
  File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", line 439, in search
    return self.server.POST(path, data)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 102, in POST
    return self._request('POST', path, body=body, ensure_encoding=ensure_encoding)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 146, in _request
    response_code, response_body = self.server_wrapper.request(method, url, body)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 295, in request
    connection.request(method, url, body=body, headers=headers)
  File "/usr/lib64/python2.6/httplib.py", line 914, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 739, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure
_______________________________________________
Pulp-list mailing list
Pulp-list at redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list
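Added example, not part of either message and not Pulp's or M2Crypto's code: it shows why a client pinned to one protocol version gets a handshake alert once the server disables that version, while a client that offers a range still connects. Assumptions: TLS 1.2 and 1.3 stand in for the SSLv3/TLS pair because current Python builds cannot emit an SSLv3 hello, the host name `pulp.example` and the `SSLV3_HELLO` bytes are constructed, and `server_choice` is a simplified model of server-side version selection.

```python
import ssl
import struct

def client_hello(min_v, max_v):
    """Raw ClientHello bytes from a client restricted to [min_v, max_v]."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version, ctx.maximum_version = min_v, max_v
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="pulp.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued and no server is attached
    return outgoing.read()

def offered_versions(hello):
    """Parse a ClientHello record into (legacy_version, supported_versions)."""
    if hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a ClientHello record")
    legacy = struct.unpack_from("!H", hello, 9)[0]
    pos = 9 + 2 + 32                                    # past version + random
    pos += 1 + hello[pos]                               # session id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher suites
    pos += 1 + hello[pos]                               # compression methods
    versions = []
    has_ext = pos + 2 <= len(hello)       # SSLv3-era hellos carry no extensions
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0] if has_ext else pos
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        if ext_type == 43:                              # supported_versions
            body = hello[pos + 5:pos + 4 + ext_len]     # skip 1-byte list length
            versions = [v for (v,) in struct.iter_unpack("!H", body)]
        pos += 4 + ext_len
    return legacy, versions

def server_choice(offer, enabled):
    """Version the server selects, or None (it answers with a handshake alert)."""
    legacy, versions = offer
    if versions:
        common = [v for v in versions if v in enabled]
    else:  # no extension: server may pick any enabled version <= legacy_version
        common = [v for v in enabled if v <= legacy]
    return max(common, default=None)

# Constructed sample: a minimal SSLv3-only ClientHello (zero random, one suite).
_body = b"\x03\x00" + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
SSLV3_HELLO = b"\x16\x03\x00" + struct.pack("!H", len(_body) + 4) + b"\x01" + struct.pack("!I", len(_body))[1:] + _body
```

`server_choice(offered_versions(SSLV3_HELLO), {0x0301, 0x0302, 0x0303})` returns `None`, the situation behind the `sslv3 alert handshake failure` in the log above; a hello from `client_hello(ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)` still finds a common version when the server drops the older one.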