/srv/irclogs.ubuntu.com/2020/08/24/#ubuntu-us-mi.txt

jrwren	anyone have issues with python/requests... actually all of ubuntu... not supporting LetsEncrypt root certs? python/requests/curl fails for me, but on my mac the same root cert works.	02:11
jrwren	I get * TLSv1.2 (OUT), TLS alert, handshake failure (552):	02:11
jrwren	* error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type	02:11
cmaloney	Which version of python / requests?	02:14
jrwren	python 3.8, not sure about requests.	02:21
jrwren	but it seems to be system wide as curl is also effected.	02:21
jrwren	can anyone compare this file on tehir system?	02:21
jrwren	2a02:840:1:1:1::1	02:21
jrwren	200348 Jun 3 22:15 /etc/ssl/certs/ca-certificates.crt	02:21
jrwren	gah, I thought maybe it was ipv6, but no, evne on ipv4 same error.	02:21
jrwren	my only guess is ca-certifactes.crt is no good.	02:21
jrwren	ca-certificates is already the newest version (20190110ubuntu1.1).	02:25
jrwren	that does seem too old.	02:25
jrwren	hrm... or not... despite the version it is from June of 2020	02:26
cmaloney	Does it work on other sites?	02:31
jrwren	yes	02:37
jrwren	i'm thinking it is this, but the fix didn't work for me.	02:37
jrwren	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984	02:37
jrwren	yeah, adding --ciphers DEFAULT@SECLEVEL=1 to the curl command makes it pass, but I've no idea how to set default openssl client ciphers	02:41
jrwren	well, curl is excellent, so ciphers = in ~/.curlrc works great, but that doesn't fix requests.	02:43
jrwren	https://github.com/psf/requests/issues/4775	02:44
jrwren	https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level WINS	02:48
jrwren	well that was really interesting	02:51
cmaloney	Wow, that's fun. :)	11:56
jrwren	it really was. I'm glad I solved it.	12:10

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!