https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320289#M7290 <P>Python 2.x tries to establish a connection with PROTOCOL_SSLv23 by default &gt; <A href="https://github.com/python/cpython/blob/360aa60b2a36f5f6e9e20325efd8d472f7559b1e/Lib/ssl.py#L1057">Patch Lib/ssl.py#L1057</A></P> <P>You can patch the "wrap_socket" method to force the TLS connection &gt; <A href="https://bugs.python.org/issue24372">https://bugs.python.org/issue24372</A></P> <P>In this case, you can leave the option to choose the connection type in the GUI</P> <P>--</P> <P>For added security, it is advisable to use the library "urllib3" rather than version 2 &gt; <A href="https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning">urllib3#insecureplatformwarning</A></P> <P>It is preferable to use the package "pyopenssl" to connect to HTTPS &gt; <A href="https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl">urllib3#pyopenssl</A></P> Tue, 09 Jun 2015 11:10:23 GMT Pierre_Jenicot1 2015-06-09T11:10:23Z https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320287#M7288 <P>Hi,</P> <P>We recently refused the protocols SSLv2, SSLv3 and SSLv23 to accept only TLS v1, v1.1 and v1.2 on our domain.</P> <P>From internet, our client-drive receive an error (below) after auto-negotiation for encryption of the connection (currently the RC4 encryption).</P> <PRE><CODE>Traceback (most recent call last): File "nuxeo-drive-client\nxdrive\manager.py", line 397, in _get_update_url File "nuxeo-drive-client\nxdrive\manager.py", line 438, in _refresh_engine_update_infos File "nuxeo-drive-client\nxdrive\engine\engine.py", line 535, in get_update_infos File "nuxeo-drive-client\nxdrive\engine\engine.py", line 723, in get_remote_doc_client File "nuxeo-drive-client\nxdrive\client\remote_document_client.py", line 78, in __init__ File "nuxeo-drive-client\nxdrive\client\base_automation_client.py", line 216, in __init__ File "nuxeo-drive-client\nxdrive\client\base_automation_client.py", line 273, in fetch_api URLError: &lt;urlopen error [Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure&gt; </CODE></PRE> <P>Indeed, the version 2.7.3 of the python still accepting RC4 cipher for SSL and TLS. This has been removed from the 2.7.9 release (see url)</P> <P><A href="https://hg.python.org/cpython/rev/3596081cfb55/">https://hg.python.org/cpython/rev/3596081cfb55/</A></P> <P>Could you take into account this change and accept the TLS v1.1 / 1.2 protocols?</P> <P><A href="https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what">https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what</A> <A href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack">https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack</A></P> <P>Thanks</P> Mon, 08 Jun 2015 13:49:21 GMT https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320287#M7288 Pierre_Jenicot1 2015-06-08T13:49:21Z https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320288#M7289 <P>So just upgrading to Python 2.7.9 in Drive build would solve the problem?</P> Tue, 09 Jun 2015 10:26:55 GMT https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320288#M7289 ataillefer_ 2015-06-09T10:26:55Z https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320289#M7290 <P>Python 2.x tries to establish a connection with PROTOCOL_SSLv23 by default &gt; <A href="https://github.com/python/cpython/blob/360aa60b2a36f5f6e9e20325efd8d472f7559b1e/Lib/ssl.py#L1057">Patch Lib/ssl.py#L1057</A></P> <P>You can patch the "wrap_socket" method to force the TLS connection &gt; <A href="https://bugs.python.org/issue24372">https://bugs.python.org/issue24372</A></P> <P>In this case, you can leave the option to choose the connection type in the GUI</P> <P>--</P> <P>For added security, it is advisable to use the library "urllib3" rather than version 2 &gt; <A href="https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning">urllib3#insecureplatformwarning</A></P> <P>It is preferable to use the package "pyopenssl" to connect to HTTPS &gt; <A href="https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl">urllib3#pyopenssl</A></P> Tue, 09 Jun 2015 11:10:23 GMT https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320289#M7290 Pierre_Jenicot1 2015-06-09T11:10:23Z https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320290#M7291 <P>OK thanks for this detailed information.</P> Tue, 09 Jun 2015 12:08:56 GMT https://connect.hyland.com/t5/nuxeo-forum/nuxeo-drive-and-ssl-ciphers/m-p/320290#M7291 ataillefer_ 2015-06-09T12:08:56Z