Support TLS 1.2 - Githubissues

duncanrand commented 3 years ago

An error occurred during a connection. Peer using unsupported version of security protocol.

Error code: SSL_ERROR_UNSUPPORTED_VERSION

sfayer commented 3 years ago

This is a property of the pyOpenSSL build/version... On the (stock) CentOS7 version, this only supports up to TLSv1.1. The proper fix for this would be to move to python3 and deploy on CentOS8 instead (where it would then have support up to TLSv1.3). gfal is available on CentOS8 now and Alex has written a python3 patch, so this may well be possible, although no-one has tried it yet. Perhaps you could deploy on CentOS8 instead and we'll fix up any issues that you find as you go along?

duncanrand commented 3 years ago

On CentOS8 I get

Error: Unable to find a match: python-virtualenv m2crypto gfal2-python

On 11/02/2021 18:53, sfayer wrote:

This is a property of the pyOpenSSL build/version... On the (stock) CentOS7 version, this only supports up to TLSv1.1. The proper fix for this would be to move to python3 and deploy on CentOS8 instead (where it would then have support up to TLSv1.3). gfal is available on CentOS8 now and Alex has written a python3 patch, so this may well be possible, although no-one has tried it yet. Perhaps you could deploy on CentOS8 instead and we'll fix up any issues that you find as you go along?

alexanderrichards commented 3 years ago

you don't need python-virtualenv with python3 as it is built in.
m2crypto may be now python3-m2crypto
gfal2-python I don't know.... try listing python3-g*

sfayer commented 3 years ago

Indeed: python3-gfal2 & python3-m2crypto

duncanrand commented 3 years ago

Problem: conflicting requests

nothing provides libboost_python3.so.1.66.0()(64bit) needed by python3-gfal2-1.9.5-5.el8.x86_64

Here it suggests PowerTools:

https://bugzilla.redhat.com/show_bug.cgi?id=1765854

but

$ sudo dnf config-manager --set-enabled PowerTools Error: No matching repo to modify: PowerTools.

On 12/02/2021 13:53, sfayer wrote:

Indeed: python3-gfal2 & python3-m2crypto

sfayer commented 3 years ago

Yes, it is in powertools although exactly what the repo is called on the cloud image, I don't know. Have a poke about in /etc/yum.repos.d and see if you can find it in there.

duncanrand commented 3 years ago

sudo dnf config-manager --set-enabled powertools

works.

On 12/02/2021 13:54, duncanrand wrote:

Problem: conflicting requests

nothing provides libboost_python3.so.1.66.0()(64bit) needed by python3-gfal2-1.9.5-5.el8.x86_64

Here it suggests PowerTools:

https://bugzilla.redhat.com/show_bug.cgi?id=1765854

but

$ sudo dnf config-manager --set-enabled PowerTools Error: No matching repo to modify: PowerTools.

On 12/02/2021 13:53, sfayer wrote:

Indeed: python3-gfal2 & python3-m2crypto

ic-hep / pdm

Support TLS 1.2 #450