[issue17948] HTTPS and sending a big file size hangs.
James O'Cull
report at bugs.python.org
Fri May 10 20:11:21 CEST 2013
James O'Cull added the comment:
We have more information on this bug here. It's SSL v2 related when pushing to IIS.
http://stackoverflow.com/a/16486104/97964
Here's a paste from the StackOverflow answer:
I found a few ways of dealing with this issue:
To fix this server-side in IIS, download and install https://www.nartac.com/Products/IISCrypto/Default.aspx and click the BEAST button, or force SSL3.0 by disabling other protocols.
If you don't have access to the IIS server, you can fix it by rolling back Python to version 2.7.2 or earlier.
If you are adventurous, you can modify the mercurial source in sslutil.py, near the top, change the line
sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
cert_reqs=cert_reqs, ca_certs=ca_certs)
to
from _ssl import PROTOCOL_SSLv3
sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
cert_reqs=cert_reqs, ca_certs=ca_certs, ssl_version=PROTOCOL_SSLv3)
This will work around the problem and fix the push limit to mercurial behind IIS.
If you are interested in why Python 2.7.3 broke this, look at http://bugs.python.org/issue13885 for the explanation (it is security-related). If you want to modify Python itself, in Modules/_ssl.c change the line
SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
back to how it was prior to 2.7.3:
SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
Compile and reinstall python, etc. This adds more SSL compatibility at the expense of potential security risks, if I understand the OpenSSL docs correctly.
----------
nosy: +James.O'Cull
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17948>
_______________________________________
More information about the Python-bugs-list
mailing list