** Description changed: - Package affected: python-jujuclient 0.50.5-0ubuntu1 (on Xenial) + [Impact] - The python Juju client cannot make SSL connections to the server - anymore, because TLS v1 was deprecated. + * The python Juju client cannot make SSL connections to the server anymore, because TLS v1.0 was deprecated on the server. + * Switching to TLS v1.2 fixes the problem entirely. + * Example failure: http://pastebin.ubuntu.com/23521446/ - Switching to TLS v1.2 fixes the problem entirely. + [Test case] - Example failure: http://pastebin.ubuntu.com/23521446/ + Steps to reproduce (works in a container, needs a valid juju + environment): - lp:python-jujuclient is not affected by the problem, but the code is much diverged from the version in the archives, way too many changes for a SRU. - The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0. + * Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default + * Install the package: sudo apt-get install python-jujuclient + * Set up an environment (ec2 works for instance) + * Bootstrap environment: "juju bootstrap # Note your environment's name" + * Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")' - TLS 1.2 connectivity is available in all affected releases. + [Regression Potential] - Steps to reproduce (works in a container): + * None - the package is completely unusable in its current state + because of server changes. It can't get any worse :) - - Install juju 1.25, ideally from the juju stable ppa: sudo add-apt-repository ppa:juju/stable; sudo apt-get update; sudo apt-get install juju-1-default - - Install the package: sudo apt-get install python-jujuclient - - Set up an environment (ec2 works for instance) - - Bootstrap environment: "juju bootstrap # Note your environment's name" - - Run: python -c 'from jujuclient import Environment; Environment.connect("<your environment's name>")' + [Other Info] + + * The attached patch is the minimal fix - forcing Python to connect over TLS 1.2 instead of forcing TLS 1.0. + * TLS 1.2 connectivity is available in all targeted releases. + * lp:python-jujuclient (upstream) is not affected by the problem, but the code is much diverged from the version in the archives, with way too many changes for a SRU.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644153 Title: SSL handshake fails on xenial, yakkety, zesty To manage notifications about this bug go to: https://bugs.launchpad.net/python-jujuclient/+bug/1644153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
