Activity log for bug #1741097

Date Who What changed Old value New value Message
2018-01-03 18:22:08 Jim Rollenhagen bug added bug
2018-01-03 18:25:13 Jim Rollenhagen description RHEL 7 curl does not support TLS > 1.0 by default, per this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1170339 And it seems bootstrap.pypi.io only supports TLS 1.2: https://www.ssllabs.com/ssltest/analyze.html?d=bootstrap.pypa.io&s=151.101.192.175 Passing --tlsv1 to curl here will force curl to speak any TLS 1.x version. Logs from devstack: 2018-01-03 18:01:49.425 | + tools/install_pip.sh:install_get_pip:87 : curl -f --retry 6 --retry-delay 5 -o /opt/stack/devstack/files/get-pip.py https://bootstrap.pypa.io/get-pip.py 2018-01-03 18:01:49.430 | % Total % Received % Xferd Average Speed Time Time Time Current 2018-01-03 18:01:49.430 | Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 2018-01-03 18:01:49.700 | curl: (35) Peer reports incompatible or unsupported protocol version. and further tests: $ curl -I -v https://bootstrap.pypa.io/get-pip.py * About to connect() to bootstrap.pypa.io port 443 (#0) * Trying 151.101.44.175... * Connected to bootstrap.pypa.io (151.101.44.175) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT) * Peer reports incompatible or unsupported protocol version. * Closing connection 0 curl: (35) Peer reports incompatible or unsupported protocol version. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo) RHEL 7 curl does not support TLS > 1.0 by default, per this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1170339 And it seems bootstrap.pypa.io only supports TLS 1.2: https://www.ssllabs.com/ssltest/analyze.html?d=bootstrap.pypa.io&s=151.101.192.175 Passing --tlsv1 to curl here will force curl to speak any TLS 1.x version. Logs from devstack: 2018-01-03 18:01:49.425 | + tools/install_pip.sh:install_get_pip:87 : curl -f --retry 6 --retry-delay 5 -o /opt/stack/devstack/files/get-pip.py https://bootstrap.pypa.io/get-pip.py 2018-01-03 18:01:49.430 | % Total % Received % Xferd Average Speed Time Time Time Current 2018-01-03 18:01:49.430 | Dload Upload Total Spent Left Speed   0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 2018-01-03 18:01:49.700 | curl: (35) Peer reports incompatible or unsupported protocol version. and further tests: $ curl -I -v https://bootstrap.pypa.io/get-pip.py * About to connect() to bootstrap.pypa.io port 443 (#0) * Trying 151.101.44.175... * Connected to bootstrap.pypa.io (151.101.44.175) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt   CApath: none * NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT) * Peer reports incompatible or unsupported protocol version. * Closing connection 0 curl: (35) Peer reports incompatible or unsupported protocol version. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo)
2018-01-03 18:26:45 OpenStack Infra devstack: status New In Progress
2018-01-03 18:26:45 OpenStack Infra devstack: assignee Jim Rollenhagen (jim-rollenhagen)
2018-01-03 18:29:20 Jim Rollenhagen summary Installing pip fails on RHEL 7.1 with SSL error Installing pip fails on RHEL 7.4 with SSL error
2018-03-19 08:12:47 Dr. Jens Harbott devstack: status In Progress Incomplete
2018-03-19 13:39:04 Jim Rollenhagen devstack: status Incomplete Invalid