I've just run into a bug in OpenSSL in Ubuntu 12.04 with TLS connections and I need to work around it. Bug brief - on Ubuntu 12.04 a bug in the OpenSSL implementation makes various calls to HTTPS with TLS 1.1 fail randomly.
The usual Python workaround is also provided on that link above, and it basically enforces TLS 1.0 to be used instead of TLS 1.1. Yet that workaround doesn't work for me out of the box because I'm using the eventlet lib that implements non-blocking HTTP requests.
As I understand - the eventlet library redefines some classes related to the matter and particularly - the httplib.HTTPSConnection class that I need to patch to enforce TLS 1.0.
So the question is - what exactly do I need to patch in eventlet or what to redefine to enforce a TLS 1.0 connection for non-blocking HTTP calls via eventlet?
First, you should upgrade eventlet. As of 2013-09, the latest release is 0.14 and we have a large number of bugs fixed since 0.9.16.
Second, the solution provided there is a bit too complicated and only fixes httplib. If they provided a solution for ssl, it would also fix HTTPS and work with eventlet.
Here's a simpler version for Python 2.6+ that fixes all SSL sockets:
I don't have access to a broken system right now, so I can't really test it. It does not break a good version of OpenSSL.