|Professional Services||Second Signal||Presentations||Andrew's Blog||Support|
Here's a bit of joy to add to your day. Once your server can speak TLS 1.0 to help secure you from POODLE attacks, any code making connections to your server over HTTPS that use the utilities wget, curl and most importanly Python (and others, apparently) may break.
The issue is that these tools are built using a version of openSSL that will try to connect using TLS 1.2 first -- and when that fails, the connection gets dropped. I've seen reports of this in Ruby as well, but I've verified that it is an issue in Python, and of course wget and curl.
In Python, there is apparently no simple work around. I've seen talk about binding to a different library, but since I don't do python I can't tell any more.
If you're using wget the parameter --secure-protocol=TLSv1 or --secure-protocol=SSLv3 will solve the problem.
If you're using curl the parameter -1 or -3 (which mean use TLS 1.0 or Use SSLv3) will solve the problem.
Happy patching, kids!
Please wait while your document is saved.