Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-1574

TLS tests fail against MongoDB 4.0+ with Python 2.6 on Windows

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.7
    • Affects Version/s: None
    • Component/s: None
    • None

      The version of OpenSSL bundled with Python 2.6.6 (the last version binary Windows installers exist for) appears to be 0.9.8l. There is no way to tell from the ssl module itself in Python 2.6, but a note in the changelog mentions that version.

      https://hg.python.org/cpython/raw-file/v2.6.9/Misc/NEWS

      Attempting to test with requests fails with "tlsv1 alert protocol version":

      ./Python26/python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"
      C:\python\Python26\lib\site-packages\urllib3\util\ssl_.py:339: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
        SNIMissingWarning
      C:\python\Python26\lib\site-packages\urllib3\util\ssl_.py:137: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
        InsecurePlatformWarning
      Traceback (most recent call last):
        File "<string>", line 1, in <module>
        File "C:\python\Python26\lib\site-packages\requests\api.py", line 72, in get
          return request('get', url, params=params, **kwargs)
        File "C:\python\Python26\lib\site-packages\requests\api.py", line 58, in request
          return session.request(method=method, url=url, **kwargs)
        File "C:\python\Python26\lib\site-packages\requests\sessions.py", line 508, in request
          resp = self.send(prep, **send_kwargs)
        File "C:\python\Python26\lib\site-packages\requests\sessions.py", line 618, in send
          r = adapter.send(request, **kwargs)
        File "C:\python\Python26\lib\site-packages\requests\adapters.py", line 506, in send
          raise SSLError(e, request=request)
      requests.exceptions.SSLError: HTTPSConnectionPool(host='www.howsmyssl.com', port=443): Max retries exceeded with url: /a/check (Caused by SSLError(SSLError(1, '_ssl.c:490: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version'),))
      

      The reason the failures have started with MongoDB 4.0 is that version disabled TLS 1.0 by default. OpenSSL didn't add support for TLS 1.1+ until version 1.0.1.

      We have two options:
      1. Don't test the combination of Python 2.6, TLS, Windows, and MongoDB 4.0+
      2. Explicitly re-enable TLS 1.0 using the enableInsecureTLS1_0 command line option on MongoDB 4.0+

            Assignee:
            bernie@mongodb.com Bernie Hackett
            Reporter:
            bernie@mongodb.com Bernie Hackett
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: