Description of problem: After upgrade from Fedora 25, connections to NASA HTTPS servers using python fail Version-Release number of selected component (if applicable): Name : python2 Version : 2.7.13 Release : 12.fc26 Arch : x86_64 Size : 79 k Source : python2-2.7.13-12.fc26.src.rpm How reproducible: Reliably, on 2 different systems Steps to Reproduce: 1. verify that openssl connections work: $ openssl s_client -connect oceancolor.gsfc.nasa.gov:443 This succeeds using: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 2. try connection with python2 /usr/bin/python2.7 -c 'import httplib ; c = httplib.HTTPSConnection("oceancolor.gsfc.nasa.gov"); c.request("GET", "/"); r=c.getresponse(); print r.status, r.reason' Actual results: Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib64/python2.7/httplib.py", line 1042, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1082, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/httplib.py", line 1038, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 882, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 844, in send self.connect() File "/usr/lib64/python2.7/httplib.py", line 1263, in connect server_hostname=server_hostname) File "/usr/lib64/python2.7/ssl.py", line 363, in wrap_socket _context=self) File "/usr/lib64/python2.7/ssl.py", line 611, in __init__ self.do_handshake() File "/usr/lib64/python2.7/ssl.py", line 840, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:661) Expected results: 200 OK Additional info: NASA provides a number of python (2.7) scripts to download files using https URL's. These are failing. Other users report that anaconda python 2.7 works.
Hello and thanks for the bug report. We are currently in the process of rebasing python2 in the various fedora branches from 2.7.13 to 2.7.14, however we are waiting to iron out some issues with upstream first, hence the delay in investigating this issue. As soon as that happens we'll get back on this bug report.
Hello, I was able to reproduce the problem on my system, but by installing the 2.7.14 version which is in the updates-testing repo now, the problem seems to be fixed. Would you be able to test it and provide karma for the update [0]? You can install it with 'dnf update python2 --enablerepo=updates-testing' [0] https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4bde2339f
2.7.14 works for me. Thanks.
python2-2.7.14-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-babeb14452
python2-2.7.14-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-babeb14452
python2-2.7.14-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.