Bug 250716

Summary: sysutils/py-hpilo: RC4-SHA is no longer available in openssl
Product: Ports & Packages
Reporter: Matthias Pfaller <matthias.pfaller>
Component: Individual Port(s)
Assignee: Luca Pizzamiglio <pizzamig>
Status: Closed FIXED
Severity: Affects Some People
Flags: pizzamig: maintainer-feedback+
Priority: ---
Version: Latest
Hardware: Any
OS: Any

Description Matthias Pfaller 2020-10-29 07:49:38 UTC
py37-hpilo_cli will fail because RC4-SHA is no longer available. Replacing the set_ciphers with a nop does the job for me, but it will probably no longer work with older (iLO3?) devices.

regards, Matthias

--- /usr/local/lib/python3.7/site-packages/hpilo.py~    2020-10-06 19:52:33.000000000 +0200
+++ /usr/local/lib/python3.7/site-packages/hpilo.py     2020-10-29 08:41:25.082982000 +0100
@@ -400,7 +400,7 @@
                 # Even more sadly, some iLOs are still using RC4-SHA
                 # which was dropped from the default cipher suite in
                 # Python 2.7.10 and Python 3.4.4. Add it back here :(
-                self.ssl_context.set_ciphers("RC4-SHA:" + ssl._DEFAULT_CIPHERS)
+                self.ssl_context.set_ciphers(ssl._DEFAULT_CIPHERS)
             return self.ssl_context.wrap_socket(
                 sock, server_hostname=self.hostname)
         except ssl.SSLError as exc:
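
Review bot: the three comment lines above the changed set_ciphers call still end with "Add it back here :(", which no longer matches the code once "RC4-SHA:" is removed from the argument, so they should be updated or dropped in the same change. The replacement line keeps a dependency on ssl._DEFAULT_CIPHERS, an underscore-prefixed private name of the ssl module; if the intent is a no-op, as the description says, removing the set_ciphers call entirely would be cleaner. Since the description notes that older iLOs may stop working, consider keeping RC4-SHA behind an explicit opt-in and handling the ssl.SSLError from set_ciphers, rather than removing it unconditionally.
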
Comment 1 Luca Pizzamiglio freebsd_committer 2020-11-21 11:19:44 UTC
I will put SHA-RC4 as an option, in case someone needs to use it (in conjunction with some unmaintained openssl) to be able to speak with old iLOs
Comment 2 commit-hook freebsd_committer 2020-11-21 16:55:01 UTC
A commit references this bug:

Author: pizzamig
Date: Sat Nov 21 16:54:26 UTC 2020
New revision: 555993
URL: https://svnweb.freebsd.org/changeset/ports/555993

  sysutils/py-hpilo: Update to 4.4.2

  Add support to python 3.9
  Remove RC4-SHA cypher support (not available in openssl any longer)
  RC4-SHA cypher can be added back via the specific option

  PR:	250716
  Submitted by:	Matthias Pfaller <matthias.pfaller@familie-pfaller.de>
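
One way to make the legacy cipher an explicit opt-in that degrades cleanly when the linked OpenSSL cannot provide it, as discussed in this report. This is an added example, not code from python-hpilo or the FreeBSD port; the names `cipher_available`, `build_context`, `cipher_names` and `allow_legacy` are assumptions made for illustration.

```python
import ssl

LEGACY_CIPHER = "RC4-SHA"  # cipher name taken from the bug report


def cipher_available(name):
    """True if the OpenSSL linked into this Python can select `name`."""
    probe = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # set_ciphers raises ssl.SSLError when no cipher in the string
        # can be selected by the linked OpenSSL build.
        probe.set_ciphers(name)
    except ssl.SSLError:
        return False
    return True


def build_context(allow_legacy=False):
    """Return (context, legacy_enabled).

    The legacy cipher is only added on request, only when the build
    provides it, and is appended after the defaults so it sits last
    in the client's preference order.
    """
    ctx = ssl.create_default_context()
    if not (allow_legacy and cipher_available(LEGACY_CIPHER)):
        return ctx, False
    defaults = ":".join(c["name"] for c in ctx.get_ciphers())
    ctx.set_ciphers(defaults + ":" + LEGACY_CIPHER)
    return ctx, True


def cipher_names(ctx):
    """Names of the cipher suites currently enabled on `ctx`."""
    return {c["name"] for c in ctx.get_ciphers()}


if __name__ == "__main__":
    ctx, legacy = build_context(allow_legacy=True)
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    print(LEGACY_CIPHER, "enabled:", legacy)
```

The returned flag lets the caller log or refuse the connection when the option was requested but the cipher is not available, instead of failing inside `set_ciphers`.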