Sickbeard custom is using an outdated python version

[marcofranssen]

In the logs when starting my sickbeard-custom I see the following log entry.

Starting sickbeard-custom command /volume2/@appstore/sickbeard-custom/env/bin/python /volume2/@appstore/sickbeard-custom/var/SickBeard/SickBeard.py --daemon --pidfile /volume2/@appstore/sickbeard-custom/var/sickbeard-custom.pid --config /volume2/@appstore/sickbeard-custom/var/config.ini --datadir /volume2/@appstore/sickbeard-custom/var/
DEPRECATION: The OpenSSL being used by this python install (OpenSSL 1.0.2n  7 Dec 2017) does not meet the minimum supported version (>= OpenSSL 1.1.1) in order to support TLS 1.3 required by Cloudflare, You may encounter an unexpected reCaptcha or cloudflare 1020 blocks.

Can the python version shipped in the env/bin location be upgraded?

[BenjV]

That is the location for virtual environment used by that package. Only the external python modules used by this package are located there, not python itself.

The python used is simply the python 2 package with its embedded Openssl. As far as I know there is no python 2 available with version with Openssl 1.1.1 embedded.

And in this case that message can be ignored. This package does not use TLS at all, so no risc.

[icaros401]

There is no chance it uses OpenSSL to access https sites?

Using medusa, I see countless cloudflare captcha errors in the logs.

[BenjV]

I don't understand what you are asking? The whole point is that python 2 uses OpenSSL version 1.0.2 and that cloudflare respond with an error message that it want OpenSSL 1.1.1 Actual these are not errors but warnings because everything is still working OK.

Most likely Medusa is also using an OpenSSL version lower then 1.1.1

[icaros401]

First thing first, I get many "Cloudflare captcha challenge or firewall detected, it can't be bypassed." warnings in Medusa's log.

And then I noticed the installer I had used (on my Synology NAS) had Python 3.5 installed. So I tried upgrading to 3.7, but it too has an ancient version of openssl. (this is using a custom version of that installer)

A little googling landed me here, and your statement concerning "this package does not use TLS" confused me, hence my question (or request for clarification). It appears to me that a newer openssl version is absolutely required.

It is my understanding that medusa prefers Python3, while sickchill and other forks are still partial to python2 (so the current installer also favors python2). The best approach for me is probably to switch to Medusa's docker package.

[BenjV]

Both Python 3 and python 2.7 are using the same Openssl module and that is 1.0.2. So changing to Python 3 won't fix this.

The problem with python is that is must be working on all Operating Systems . On Windows OpenSSL it is implemented via MS SSL which cannot be used by OpenSSL 1.1.1. That is why non of the Python versions can upgrade to OpenSSL 1.1.1

But this is actual no problem, only warnings from Cloudflare that it prefer OpenSSL 1.1.1 version. But that is only a warning and is actual only needed for TLS 1.3 which is not used by SickChill and I doubt that Medusa is using it.

[icaros401]

Thanks BenjV.

It still does not make complete sense to me, but I tried with the docker container (which includes Python 3.7.6 + OpenSSL 1.1.1) and I get the same warning when it tries to access thepiratebay. So the experiment confirms your theory.

[tunisiano187]

I see your point for both of you, but :

• Python 2 is now deprecated for a while now
• I'm using sickchill that discontinued the support of Python2
• I'm having the same problem with Cloudflare
• TLS1.3 is now forced by many providers, so this make no sense to stay at Python 2. Maybe having another package for the Python 2 or 3 is the best to do, to continue no ?

[BenjV]

Again, it has nothing to do with Python 2 or 3, they both have the same problem, and I explained why the python developers cannot upgrade.

The real problem is Microsoft, they must upgrade there Ms SSL and then the python developers can create an upgrade for OpenSSL in Python. The Python developers must be able to use the same functions on all platforms, otherwise Python would no longer be portable between platforms.

So trying other python versions on for example Docker or Apple won't make any difference.

[tunisiano187]

OK, i understand your point, but the main thing here is that the sickbeard based are moving to python 3... and there is multiple things that are not the same on python 2 than the 3... so this spk is really interesting, thank you to maintain it, but most of the users won't be able to update their sick.... For example sickchill is implementing the movie part, that isn't working with python 2... and some fix are made for python 3. is that so complicated to create a copy of this app in a new python3 ? even with another name?

[BenjV]

I am busy building a version that will use Python 3 for both SickChill and Medusa. But that has nothing to do with this SSL issue what this issue is about and won't fix it either as I said..

[tunisiano187]

Thank you, that will solve one part.