From owner-freebsd-python@freebsd.org  Sat Sep  5 11:36:01 2020
Return-Path: <owner-freebsd-python@freebsd.org>
Delivered-To: freebsd-python@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1D5E73C9410
 for <freebsd-python@mailman.nyi.freebsd.org>;
 Sat,  5 Sep 2020 11:36:01 +0000 (UTC) (envelope-from wjw@withagen.nl)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 4BkCD06VjXz4Mn8
 for <freebsd-python@freebsd.org>; Sat,  5 Sep 2020 11:36:00 +0000 (UTC)
 (envelope-from wjw@withagen.nl)
Received: by mailman.nyi.freebsd.org (Postfix)
 id DD1C73C940F; Sat,  5 Sep 2020 11:36:00 +0000 (UTC)
Delivered-To: python@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id DCDAC3C90E0
 for <python@mailman.nyi.freebsd.org>; Sat,  5 Sep 2020 11:36:00 +0000 (UTC)
 (envelope-from wjw@withagen.nl)
Received: from router10G.digiware.nl (smtp.digiware.nl [176.74.240.9])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BkCCz6C9Yz4Mxh
 for <python@freebsd.org>; Sat,  5 Sep 2020 11:35:59 +0000 (UTC)
 (envelope-from wjw@withagen.nl)
Received: from router10g.digiware.nl (localhost.digiware.nl [127.0.0.1])
 by router10G.digiware.nl (Postfix) with ESMTP id 17B236C438;
 Sat,  5 Sep 2020 13:35:58 +0200 (CEST)
X-Virus-Scanned: amavisd-new at digiware.com
Received: from router10G.digiware.nl ([127.0.0.1])
 by router10g.digiware.nl (router10g.digiware.nl [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id SjpVBDwi1BGB; Sat,  5 Sep 2020 13:35:57 +0200 (CEST)
Received: from [192.168.10.9] (vaio [192.168.10.9])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by router10G.digiware.nl (Postfix) with ESMTPSA id 24B766C437
 for <python@freebsd.org>; Sat,  5 Sep 2020 13:35:57 +0200 (CEST)
To: python@freebsd.org
From: Willem Jan Withagen <wjw@withagen.nl>
Subject: SSlv3 problem with Ceph
Message-ID: <e48b3bae-65e5-c7d2-7a3b-b0af09e7c8f3@withagen.nl>
Date: Sat, 5 Sep 2020 13:35:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Firefox/68.0 Thunderbird/68.12.0
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: nl
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4BkCCz6C9Yz4Mxh
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of wjw@withagen.nl designates 176.74.240.9
 as permitted sender) smtp.mailfrom=wjw@withagen.nl
X-Spamd-Result: default: False [-1.45 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[]; DMARC_NA(0.00)[withagen.nl];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:176.74.240.9/28];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[python@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.003];
 RCVD_COUNT_THREE(0.00)[4];
 HFILTER_HELO_IP_A(1.00)[router10g.digiware.nl];
 NEURAL_HAM_SHORT(-0.45)[-0.446];
 RCVD_IN_DNSWL_NONE(0.00)[176.74.240.9:from];
 NEURAL_HAM_MEDIUM(-1.00)[-1.004];
 HFILTER_HELO_NORES_A_OR_MX(0.30)[router10g.digiware.nl];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:28878, ipnet:176.74.224.0/19, country:NL];
 RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[python]
X-BeenThere: freebsd-python@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: FreeBSD-specific Python issues <freebsd-python.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-python>, 
 <mailto:freebsd-python-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-python/>
List-Post: <mailto:freebsd-python@freebsd.org>
List-Help: <mailto:freebsd-python-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-python>,
 <mailto:freebsd-python-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Sep 2020 11:36:01 -0000

Hi,

Is SSLv3 enabled with Python 3.7?

I run into this error with Ceph-mgr:
ceph  python ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 
alert bad certificate (_ssl.c:1091)

This is using a self signed certificate, and there is some discussion
within Ceph that seems to point to the actual basic python packages:
	https://tracker.ceph.com/issues/38614

Now the question is:
	Are there easy fixes to prevent the support for SSLv3

--WjW