search

ome / omero-py

Python project containing Ice remoting code for OMERO
https://www.openmicroscopy.org/omero
GNU General Public License v2.0
22 stars 32 forks source link

Windows IceSSL ciphers are more limited than Linux and OSX #200

Closed manics closed 4 years ago

manics commented 4 years ago

https://github.com/zeroc-ice/ice/blob/3.6/CHANGELOG-3.6.md#c-changes-7

Significant changes to the IceSSL plug-in:

    Now uses the native SecureTransport API on macOS
    Now uses the native SChannel API on Windows
    OpenSSL is only used in IceSSL on Linux

https://doc.zeroc.com/ice/3.6/property-reference/icessl#id-.IceSSL.*v3.6-IceSSL.Ciphers Supported SChannel ciphers are

    3DES
    AES_128
    AES_256
    DES
    RC2
    RC4

Currently OMERO.py client.createSession() fails with SSL handshake failure, possibly due to lack of support for one of these? May need investigation on the client and server.

manics commented 4 years ago

Note websocket connections do work:

c = omero.client(host='wss://idr.openmicroscopy.org/omero-ws', args=['--IceSSL.Trace.Security=1'])
c.createSession( , )

so port 4064 connections might be fixed by disabling anonymous ciphers using e.g. https://github.com/ome/omero-certificates.

manics commented 4 years ago

This works as long as the required ciphers are activated on the server side.