call to ssl.wrap_socket fails with the error Invalid SSL protocol variant specified

Question

I have built python with fips capable openssl, all things seem to be working fine but call to wrap_socketfails with the error "Invalid SSL protocol variant specified" when fips mode is enabled. This call succeeds when not in fips mode

Debugging through the code it was found that the call to SSL_CTX_new(SSLv3_method() in _ssl.c is returning null in fips mode as a result of which the above mentioned error is occurring

Any idea as to what might be causing this, is it possible that some non fips components are getting called ?

score 0 · Answer 1 · answered Oct 14 '14 at 07:30

0

I dont think sslv3 is supported in FIPS mode. Try using SSLv23_server_method instead of SSLv3_method

answered Oct 14 '14 at 07:30

Yuvika

5,624
2
16
21

score 0 · Accepted Answer · answered Nov 07 '14 at 07:33

0

Only Tls protocol is supported in Fips mode.

Following Dr. Stephen Henson's comment in the below link resolved my issue

http://openssl.6102.n7.nabble.com/Having-problem-using-SSL-td27038.html

answered Nov 07 '14 at 07:33

Tiger

37
5

score 0 · Answer 3 · answered Jul 29 '17 at 12:52

0

some issue with certifi latest version so downgrading certifi will solve issue

pip uninstall -y certifi && pip install certifi==2015.04.28

or

pip install requests[security]

answered Jul 29 '17 at 12:52

Cigodien

78
7

call to ssl.wrap_socket fails with the error Invalid SSL protocol variant specified

3 Answers3