I'm attempting to make a simple HTTPS connection to a REST API using python from CentOS 6.5. Installed is python-2.6.6-52.el6.x86_64 and openssl-1.0.1e-16.el6_5.7.x86_64.
#!/usr/bin/env python
import httplib, json, urllib, urllib2
# Gets the session ID to host
c = httplib.HTTPSConnection("10.10.1.1")
c.request("GET", "/services/rest/V2/?method=authenticate&username=myusername&password=mypasswd&format=json")
response = c.getresponse()
data = json.loads(response.read())
session_id = data['session_id']
print "Session Created. Session ID: " + session_id
However, its giving me this error:
Traceback (most recent call last):
File "./test3.py", line 7, in <module>
c.request("GET", "/services/rest/V2/?method=authenticate&username=myusername&password=mypasswd&format=json")
File "/usr/lib64/python2.6/httplib.py", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
self.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 739, in send
self.connect()
File "/usr/lib64/python2.6/httplib.py", line 1116, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib64/python2.6/ssl.py", line 342, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib64/python2.6/ssl.py", line 120, in __init__
self.do_handshake()
File "/usr/lib64/python2.6/ssl.py", line 279, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:492: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Is this an openssl/python compatibility issue? I've already got the latest python and openssl RPMs I can find and I'd rather not venture off the RPM reservation by compiling the latest tarball manually.
This might happen if you configured a server to only accept TLS1.2 but don't have support for TLS1.2 on the client side. At least Ubuntu has patched their openssl to not provide TLS1.1 on the client side but only on the server side to work around some bugs with some hosts. Maybe RHEL/CentOS did too.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.