URI module - specifying SSL Protocol
311 views
Skip to first unread message
Abhishek R.
Oct 1, 2015, 5:59:19 PM10/1/15
to Ansible Project
Hi,
I'm trying an HTTP post with the following task -
---
- name: try doing a POST
uri:
url: "destinationURL"
method: POST
user: myusername
password: mypassword
force_basic_auth: yes
register: POSTResponse
- debug: var=POSTResponse
- I get an error runtime stating - msg: Socket error: EOF occurred in violation of protocol (_ssl.c:590) to "destinationURL"
The destination server supports SSL protocols of TLSv1.2 and above only and not SSLv3 or TLSv1 - and this might be the reason for this error. Question is, how do I specify the SSL Protocol for the POST as TLSv1.2? Any suggestions?
Thanks in advance.
Regards
Toshio Kuratomi
Oct 2, 2015, 2:24:17 AM10/2/15
to ansible...@googlegroups.com
What version of ansible are you running and what version of python?
Do you have any idea what versions of SSL your system's OpenSSL
library supports? Python versions before 2.7.9 do not give the
ability to specify SSL protocols above tls1.0 explicitly. Since
ansible has to run with older versions than that, we don't have a way
of abstracting out the SSL version that you can connect with to
calling code. However, with the current version of ansible, ansible
should be configuring python's SSL handling such that it selects newer
versions of the SSL protocol automatically provided that the version
of openssl that your python is using supports those protocols.
Note that these questions all concern whichever host this task is
being run on (in most cases, that's the remote host that you're
managing).
-Toshio
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bc4058f7-4aeb-4298-8d6e-6eba1e44356d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Do you have any idea what versions of SSL your system's OpenSSL
library supports? Python versions before 2.7.9 do not give the
ability to specify SSL protocols above tls1.0 explicitly. Since
ansible has to run with older versions than that, we don't have a way
of abstracting out the SSL version that you can connect with to
calling code. However, with the current version of ansible, ansible
should be configuring python's SSL handling such that it selects newer
versions of the SSL protocol automatically provided that the version
of openssl that your python is using supports those protocols.
Note that these questions all concern whichever host this task is
being run on (in most cases, that's the remote host that you're
managing).
-Toshio
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bc4058f7-4aeb-4298-8d6e-6eba1e44356d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages