Setup
I am trying to install and update the r7scanassistant package from an https download with the above state file.
Doing `salt-call state.apply test=true debian_extras.r7scanassistant` results in the following warning message:
```
/opt/saltstack/salt/lib/python3.10/site-packages/salt/ext/tornado/netutil.py:493: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
context = ssl.SSLContext(
local:
Summary for local
------------
Succeeded: 4
Failed: 0
------------
Total states run: 4
Total run time: 173.558 ms
```
[x] on-prem machine
[x] VM (Virtualbox, KVM, etc. please specify)
[x] onedir packaging
Steps to Reproduce the behavior
Running state.apply with the above state file.
Expected behavior
No deprecation warnings.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
```yaml
salt-call --versions
Salt Version:
Salt: 3006.8
Python Version:
Python: 3.10.14 (main, Apr 3 2024, 21:30:09) [GCC 11.2.0]
Dependency Versions:
cffi: 1.14.6
cherrypy: 18.6.1
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.3
libgit2: Not Installed
looseversion: 1.0.2
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 22.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: Not Installed
python-gnupg: 0.4.8
PyYAML: 6.0.1
PyZMQ: 23.2.0
relenv: 0.16.0
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: ubuntu 22.04.4 jammy
locale: utf-8
machine: x86_64
release: 5.15.0-107-generic
system: Linux
version: Ubuntu 22.04.4 jammy
```
Additional context
Changing the "https://" to "http://" seems to work around the issue, so this seems to be triggered by the https download mechanism. Maybe because the server (download2.rapid7.com) supports TLSv1 (not only TLS>=v1.2)?
That server does indeed support TLS 1.0, but that's not a reason to avoid TLS entirely.
It should, however, be disabled in the client. Salt should not attempt to negotiate it.
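Added example, not part of the original thread and not Salt's or Tornado's own code: it reproduces the `ssl.PROTOCOL_TLS` deprecation warning from the report with the standard `ssl` module and contrasts that context with a client context that sets an explicit TLS 1.2 floor, which is the client-side restriction the comment above asks for. The function names are hypothetical.

```python
import ssl
import warnings


def legacy_context():
    """Build a context with the deprecated constant; return it and any deprecation messages."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        # PROTOCOL_TLS is the generic constant named in the reported warning.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
    msgs = [str(w.message) for w in caught
            if issubclass(w.category, DeprecationWarning)]
    return ctx, msgs


def hardened_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client context: no deprecated constant, explicit protocol floor, cert checks on."""
    # PROTOCOL_TLS_CLIENT enables check_hostname and CERT_REQUIRED by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Refuse TLS 1.0/1.1 even when the server still offers them.
    ctx.minimum_version = min_version
    # Trust the system CA store.
    ctx.load_default_certs()
    return ctx


def posture(ctx):
    """Summarise the security-relevant settings of a context for comparison."""
    return {
        "min_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    old, msgs = legacy_context()
    print("legacy  :", posture(old), msgs)
    print("hardened:", posture(hardened_client_context()))
```

The legacy context's protocol floor depends on the local OpenSSL configuration, so only its certificate settings are stable across hosts.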
Description
With the following state file I always see "DeprecationWarning: ssl.PROTOCOL_TLS is deprecated":