Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-79172

KMIP Server problems with python upgrade

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • ALL
    • Security 2023-08-07, Security 2023-11-13, Security 2023-11-27, Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-01-22, Security 2024-02-05

      https://spruce.mongodb.com/version/64b9b44357e85af37b44b002/tasks?page=0&sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC&taskName=audit

       
      I am trying to debug a windows python upgrade and some security tests are failing with

       

      [js_test:log_file_integrity] sh8596| [ERROR] kmip.server.session.00000003: EOF occurred in violation of protocol (_ssl.c:1007)
      [js_test:log_file_integrity] sh8596| Traceback (most recent call last):
      [js_test:log_file_integrity] sh8596| File "C:\data\mci\393356a0638db39b02b67719ef5460f8\venv\lib\site-packages\kmip\services\server\session.py", line 102, in run
      [js_test:log_file_integrity] sh8596| self._connection.do_handshake()
      [js_test:log_file_integrity] sh8596| File "C:\python\python310\lib\ssl.py", line 1342, in do_handshake
      [js_test:log_file_integrity] sh8596| self._sslobj.do_handshake()
      [js_test:log_file_integrity] sh8596| ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1007) 

      From a before and after I noticed the cipher selected before vs after my change is different
      AFTER:
      [js_test:log_file_integrity] sh8596| [DEBUG] kmip.server.session.00000001: Session cipher selected: ('ECDHE-RSA-AES128-SHA256', 'TLSv1.2', 128)
      BEFORE:
      [js_test:log_file_integrity] sh5876| [DEBUG] kmip.server.session.00000001: Session cipher selected: ('AES128-SHA256', 'TLSv1.2', 128)
      PB with my changes is linked above (this is very much a WIP and contains a lot of unrelated stuff - please chat with me before looking at this code)

      I tried hardcoding the tls_cipher_suites but that didn't fix the problem

       

        1. KMIP-TLS-handshake-SHA1-cert-202401181247.pcapng
          15 kB
          Erling Austvoll
        2. KMIP-TLS-handshake-SHA256-cert-202401181252.pcapng
          10 kB
          Erling Austvoll
        3. mongodb-linux-sha1-kmip-success.log
          69 kB
          Erling Austvoll
        4. mongod-kmip-sha1-202401181443.log
          36 kB
          Erling Austvoll

            Assignee:
            adam.rayner@mongodb.com Adam Rayner
            Reporter:
            alex.neben@mongodb.com Alex Neben
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: