-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
The version of OpenSSL bundled with Python 2.6.6 (the last version binary Windows installers exist for) appears to be 0.9.8l. There is no way to tell from the ssl module itself in Python 2.6, but a note in the changelog mentions that version.
https://hg.python.org/cpython/raw-file/v2.6.9/Misc/NEWS
Attempting to test with requests fails with "tlsv1 alert protocol version":
./Python26/python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"
C:\python\Python26\lib\site-packages\urllib3\util\ssl_.py:339: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
SNIMissingWarning
C:\python\Python26\lib\site-packages\urllib3\util\ssl_.py:137: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecurePlatformWarning
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\python\Python26\lib\site-packages\requests\api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "C:\python\Python26\lib\site-packages\requests\api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "C:\python\Python26\lib\site-packages\requests\sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "C:\python\Python26\lib\site-packages\requests\sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "C:\python\Python26\lib\site-packages\requests\adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.howsmyssl.com', port=443): Max retries exceeded with url: /a/check (Caused by SSLError(SSLError(1, '_ssl.c:490: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version'),))
The reason the failures have started with MongoDB 4.0 is that version disabled TLS 1.0 by default. OpenSSL didn't add support for TLS 1.1+ until version 1.0.1.
We have two options:
1. Don't test the combination of Python 2.6, TLS, Windows, and MongoDB 4.0+
2. Explicitly re-enable TLS 1.0 using the enableInsecureTLS1_0 command line option on MongoDB 4.0+