Ticket #4889 defect closed invalid
Disable TLS for SSLv3 only server
Reported by: wetherbeei
Owned by:
I have a server that does not correctly support TLSv1 that I can't get Twisted to connect to using getPage. I had the same problem trying to use Python's default urllib opener, which I fixed by opening with SSLv3 first, then SSLv23 if that failed, but I can't find a way to do that in Twisted. As far as I can tell, the startTLS method is hard-coded into any SSL connections, even if SSL.OP_NO_TLSv1 is set on the SSL.Context object.
Specifically, I am trying to access:
The connection is immediately cut:
[Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ConnectionDone'>: Connection was closed cleanly. ]
curl -v https://ui2web1.apps.uillinois.edu/BANPROD1/bwskfcls.P_GetCrse
* About to connect() to ui2web1.apps.uillinois.edu port 443 (#0)
* Trying 18.104.22.168... connected
* Connected to ui2web1.apps.uillinois.edu (22.214.171.124) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12226
* Error in TLS handshake, trying SSLv3...
> GET /BANPROD1/bwskfcls.P_GetCrse HTTP/1.1
> User-Agent: curl/7.20.1 (x86_64-redhat-linux-gnu) libcurl/7.20.1 NSS/126.96.36.199 zlib/1.2.3 libidn/1.16 libssh2/1.2.4
> Host: ui2web1.apps.uillinois.edu
> Accept: */*
>
* Connection died, retrying a fresh connect
* Closing connection #0
* Issue another request to this URL: 'https://ui2web1.apps.uillinois.edu/BANPROD1/bwskfcls.P_GetCrse'
* About to connect() to ui2web1.apps.uillinois.edu port 443 (#0)
* Trying 188.8.131.52... connected
* Connected to ui2web1.apps.uillinois.edu (184.108.40.206) port 443 (#0)
* TLS disabled due to previous handshake failure
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: CN=ui2web1.apps.uillinois.edu,OU=AITS 20100517-25690,O=University of Illinois,L=Urbana,ST=Illinois,C=US
* start date: May 17 00:00:00 2010 GMT
* expire date: May 17 23:59:59 2011 GMT
* common name: ui2web1.apps.uillinois.edu
* issuer: Efirstname.lastname@example.org,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
> GET /BANPROD1/bwskfcls.P_GetCrse HTTP/1.1
> User-Agent: curl/7.20.1 (x86_64-redhat-linux-gnu) libcurl/7.20.1 NSS/220.127.116.11 zlib/1.2.3 libidn/1.16 libssh2/1.2.4
> Host: ui2web1.apps.uillinois.edu
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 17 Feb 2011 06:56:53 GMT
< Server: Oracle-Application-Server-10g/10.1.2.3.0 Oracle-HTTP-Server
< Location: https://apps.uillinois.edu/selfservice/error/
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="https://apps.uillinois.edu/selfservice/error/">here</A>.<P>
<HR>
<ADDRESS>Oracle-Application-Server-10g/10.1.2.3.0 Oracle-HTTP-Server Server at ui2web1b.admin.uillinois.edu Port 443</ADDRESS>
</BODY></HTML>
* Closing connection #0