[Tracker-discuss] [issue649] Intermittent SSL signature issues
Ned Deily
metatracker at psf.upfronthosting.co.za
Sun Mar 25 22:40:31 EDT 2018
Ned Deily <nad at acm.org> added the comment:
Probably the same issue during that time period: a random subset of our GitHub webhook requests, triggered by changes to the python/cpython repo on GitHub, failed with "SSL connect failure". Retrying them manually hours later from the GitHub admin interface, they all succeeded. But failures like this caused havoc with our bugs.python.org / GitHub integration and overall python-dev workflows. I haven't seen any failures since but there hasn't been a lot of activity either.
I did try using an online certificate checking tool (https://cryptoreport.websecurity.symantec.com/checker/) on https://bugs.python.org and found that the checker failed intermittently with an "SSL certificate is not installed" error.
I also noticed on the Server Configuration info displayed by the Symantec tool when it succeeds that apparently bugs.python.org currently has an out-of-date and insecure version of SSL/TLS libs installed. The report says that b.p.o only supports TLS 1.0 (and TLS 1.1 or 1.2) and is vulnerable to the BEAST and TLS renegotiation attacks. It also says that the b.p.o server reports itself as "BaseHTTP/0.3 Python/2.6.6"! If the migration of b.p.o to a more modern server is not going to happen imminently, perhaps the version of OpenSSL (or whatever) should be updated on the old server?
----------
nosy: +ned.deily
status: unread -> chatting
_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue649>
_______________________________________________________