Package: python-cherrypy3 Version: 3.5.0-2 Severity: normal Tags: upstream Dear Maintainer,
when asking for ssl encryption by cherrypy it delivers results using unencrypted http rather than https. This is known upstream in https://bitbucket.org/cherrypy/cherrypy/issues/1298/ssl-not-working and the workaround in https://bitbucket.org/cherrypy/cherrypy/issues/1298/ssl-not-working#comment-9209835 works for me, but may affect other things according to the discussion there. A stand-alone test (adapted from the discussion in bitbucket) to reproduce is: --8<-- #!/bin/bash openssl req -nodes -newkey rsa:2048 -keyout server.key -x509 \ -days 3650 -out server.crt -subj "/CN=CherryPy" (python <<EOF import cherrypy server2 = cherrypy._cpserver.Server() server2.socket_port = 1443 server2.socket_host = '127.0.0.1' server2.thread_pool = 30 server2.ssl_module = 'pyopenssl' server2.ssl_certificate = 'server.crt' server2.ssl_private_key = 'server.key' server2.subscribe() cherrypy.engine.start() cherrypy.engine.block() EOF ) & pid=$! sleep 4 curl -k https://localhost:1443 kill $pid --8<-- which returns --8<-- curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received. --8<-- Changing "https" to "http" in the curl command avoid the warning (and in a real application returns the html content expected). I would of course have expected that https would work. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-cherrypy3 depends on: ii python 2.7.9-1 ii python-routes 2.2-1 pn python:any <none> python-cherrypy3 recommends no packages. python-cherrypy3 suggests no packages. -- no debconf information