[Twisted-Python] SSL: wrong version number
Jean-Paul Calderone
exarkun at divmod.com
Thu Jun 14 13:22:20 MDT 2007
On Thu, 14 Jun 2007 15:08:06 -0400, Jean-Paul Calderone <exarkun at divmod.com> wrote:
>On Thu, 14 Jun 2007 20:51:05 +0400, Voznesensky Vladimir <vovic at nfi.kiae.ru>
>wrote:
>>Hello.
>>
>>I'm trying to write a twisted client for MyProxy server.
>>This grid service uses TLS.
>>When using blocking calls, everything is ok.
>>When trying to estabilish a twisted connection
>>using reactor.connectSSL(host, port, f, contextFactory)
>>with _the_same_ context in contextFactory, the error occures:
>>
>>[Failure instance: Traceback (failure with no frames): <class
>>'OpenSSL.SSL.Error'>: [('SSL routines', 'SSL3_GET_RECORD', 'wrong version
>>number')]
>>
>>You can do it yourself by simply connecting to myproxy.cern.ch:7512
>>
>>Is there anybody aware of such problem?
>
>The server is using SSLv2. The traceback seems to indicate the context is
>set up for SSLv3. I can't tell how you created that context object, nor am
>I certain why one version of your code can establish a connection while the
>other cannot, but I would check the context object and make sure it is using
>either SSLv2 or SSLv23.
>
Oh, I should also say that SSLv2 is insecure and, if you can, you should
really change that server to use at least SSLv3.
Jean-Paul
More information about the Twisted-Python
mailing list