Poppy

ssl.PROTOCOL_SSLv3 no longer available in moder pythons

Bug #1602894 reported by Clark Boylan on 2016-07-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Poppy	New	Undecided	Unassigned

Bug Description

SSLv3 is no longer considered secure. In response to this modern ssl libs and transitively python itself have removed support for SSLv3 entirely (see https://bugs.python.org/issue22935).

On Ubuntu Xenial this leads to the poppy unittests failing with tracebacks like:

======================================================================
ERROR: Failure: ImportError (cannot import name analytics)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jenkins/openstack/poppy/.tox/py27/local/lib/python2.7/site-packages/nose/loader.py", line 418, in loadTestsFromName
    addr.filename, addr.module)
  File "/home/jenkins/openstack/poppy/.tox/py27/local/lib/python2.7/site-packages/nose/importer.py", line 47, in importFromPath
    return self.importFromDir(dir_path, fqname)
  File "/home/jenkins/openstack/poppy/.tox/py27/local/lib/python2.7/site-packages/nose/importer.py", line 94, in importFromDir
    mod = load_module(part_fqname, fh, filename, desc)
  File "/home/jenkins/openstack/poppy/tests/functional/transport/pecan/hooks/test_context.py", line 18, in <module>
    from poppy.manager.default import home
  File "/home/jenkins/openstack/poppy/poppy/manager/default/__init__.py", line 18, in <module>
    from poppy.manager.default import driver
  File "/home/jenkins/openstack/poppy/poppy/manager/default/driver.py", line 20, in <module>
    from poppy.manager.default import controllers
  File "/home/jenkins/openstack/poppy/poppy/manager/default/controllers.py", line 16, in <module>
    from poppy.manager.default import analytics
ImportError: cannot import name analytics

Which is caused by:

>>> from poppy.manager.default import analytics
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "poppy/manager/default/__init__.py", line 18, in <module>
    from poppy.manager.default import driver
  File "poppy/manager/default/driver.py", line 20, in <module>
    from poppy.manager.default import controllers
  File "poppy/manager/default/controllers.py", line 17, in <module>
    from poppy.manager.default import background_job
  File "poppy/manager/default/background_job.py", line 22, in <module>
    from poppy.provider.akamai.background_jobs.check_cert_status_and_update \
  File "poppy/provider/akamai/__init__.py", line 16, in <module>
    from poppy.provider.akamai import driver
  File "poppy/provider/akamai/driver.py", line 27, in <module>
    from poppy.provider.akamai import controllers
  File "poppy/provider/akamai/controllers.py", line 25, in <module>
    from poppy.provider.akamai import certificates
  File "poppy/provider/akamai/certificates.py", line 22, in <module>
    from poppy.provider.akamai import utils
  File "poppy/provider/akamai/utils.py", line 36, in <module>
    ssl.PROTOCOL_SSLv3,
AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'

This is important for two reasons. The first is openstack's infra team is going to be migrating the default test platform to Ubuntu Xenial in the near future but also SSLv3 isn't secure and you should consider not supporting it at all.

Please either handle SSLv3 not existing or remove support for it entirely.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.