Hi Eric,

RBTools itself isn't handling SSL/TLS, and has no awareness of the various
protocols/ciphers. We use Python's urllib2 to establish the connections,
and that's going through the ssl module. I don't have a good answer on next
steps here, but it's not an issue that'll be specific to RBTools or will
involve our codebase, most likely.

Christian


On Friday, September 9, 2016, eric via reviewboard <
reviewboard@googlegroups.com> wrote:

> Some follow-on information.
>
> I grabbed my Apache configuration for the server from
> https://mozilla.github.io/server-side-tls/ssl-config-generator/
> Initially, I tried the "Modern" configuration.
>
> When I switch to the "Intermediate" configuration, it starts working.
>
> I updated my logging on the server to track which protocol & cipher are
> being used, and I see this when I connect from the browser:
>
> TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
>
> (That's good)
>
>
> ... but I see this if I run "rbt setup-repo" or "rbt post"
>
> TLSv1 DHE-RSA-AES128-SHA
>
>
> Why is it that rbt uses the older protocol & cipher? I've been advised to
> go run wireshark, and maybe that will provide more insight.
>
>
> Eric.
>
>
>
> On Friday, September 9, 2016 at 10:02:28 AM UTC-7, er...@tibco.com wrote:
>>
>> The specific, full message is this:
>>
>> ERROR: Could not reach the Review Board server at ________________: SSL:
>> SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)
>>
>>
>> This is not a self-signed certificate. My web browsers all work fine when
>> I connect to the site. When I do this:
>>
>>
>> > python
>>
>> > import ssl
>>
>> > ssl.OPENSSL_VERSION
>>
>> >>> 'OpenSSL 1.0.2h  3 May 2016'
>>
>>
>> I'm sort of at a loss for how to troubleshoot this. I turn on all the
>> debugging and logging I can on the server, and I'm not seeing any
>> additional information.
>>
>>
>> It doesn't look like rbt setup-repo takes any "verbose" options that will
>> clarify the problem.
>>
>>
>> Suggestions?
>>
>>
>> Thanks!
>>
>>
>> Eric.
>>
> --
> Supercharge your Review Board with Power Pack:
> https://www.reviewboard.org/powerpack/
> Want us to host Review Board for you? Check out RBCommons:
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "reviewboard" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to reviewboard+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Christian Hammond
President/CEO of Beanbag <https://www.beanbaginc.com/>
Makers of Review Board <https://www.reviewboard.org/>
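
The server-side logging described in the quoted message can be used to list every client that would fail a stricter TLS profile before it is switched on. The following is an added example, not part of the original thread and not RBTools or Review Board code. It assumes the log layout from the mod_ssl documentation (the thread does not give Eric's format) and a floor of TLSv1.2, the protocol the browser negotiated; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log layout (not stated in the thread), as in the mod_ssl docs:
#   CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Protocol ordering, oldest to newest, using mod_ssl's SSL_PROTOCOL names.
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

# Constructed sample lines: addresses are from a documentation range, and the
# protocol/cipher pairs are the two quoted in the thread.
SAMPLE_LOG = """\
[09/Sep/2016:10:41:02 -0700] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /dashboard/ HTTP/1.1" 5120
[09/Sep/2016:10:43:17 -0700] 192.0.2.44 TLSv1 DHE-RSA-AES128-SHA "GET /api/ HTTP/1.1" 2048
[09/Sep/2016:10:43:18 -0700] 192.0.2.44 TLSv1 DHE-RSA-AES128-SHA "POST /api/review-requests/ HTTP/1.1" 812
[09/Sep/2016:10:44:00 -0700] 192.0.2.77 - - "GET / HTTP/1.1" 301
not a log line
"""


def clients_below_floor(log_text, floor="TLSv1.2"):
    """Return (weak, skipped): weak maps each client that negotiated a
    protocol older than `floor` to its sorted (protocol, cipher) pairs;
    skipped counts unparseable lines and non-TLS requests (logged as "-")."""
    floor_rank = PROTO_RANK[floor]
    weak = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] not in PROTO_RANK:
            skipped += 1
            continue
        if PROTO_RANK[m["proto"]] < floor_rank:
            weak[m["host"]].add((m["proto"], m["cipher"]))
    return {host: sorted(pairs) for host, pairs in weak.items()}, skipped


if __name__ == "__main__":
    weak, skipped = clients_below_floor(SAMPLE_LOG)
    for host, pairs in sorted(weak.items()):
        for proto, cipher in pairs:
            print(f"{host}: {proto} {cipher} (below floor)")
    print(f"{skipped} line(s) skipped")
```
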
