[Pulp-list] Pulp 2.3.1 requires SSLv3 enabled? re: POODLE vulnerability

[Veiko Kukk]

On 18/10/14 00:33, Christina Plummer wrote:
> Hello Pulp folks,
>
> I am running Pulp 2.3.1.  When the SSLv3 POODLE vulnerability was
> reported earlier this week, I dutifully went out to my Pulp servers and
> disabled SSLv3 in the httpd config to mitigate the issue.  But then I
> discovered I could no longer run pulp-admin commands.
>
> Can I force pulp to use TLS instead of SSLv3?

Strange is that I have 2.3.1 running with apache sslv3 disabled, but 
2.4.2 fails when I disable sslv3.

 From 2.4.2 admin-log:

2014-10-19 13:46:09,410 - ERROR - Client-side exception occurred
Traceback (most recent call last):
   File 
"/usr/lib/python2.6/site-packages/pulp/client/extensions/core.py", line 
478, in run
     exit_code = Cli.run(self, args)
   File "/usr/lib/python2.6/site-packages/okaara/cli.py", line 974, in run
     exit_code = command_or_section.execute(self.prompt, remaining_args)
   File 
"/usr/lib/python2.6/site-packages/pulp/client/extensions/extensions.py", 
line 224, in execute
     return self.method(*arg_list, **clean_kwargs)
   File 
"/usr/lib/python2.6/site-packages/pulp_rpm/extensions/admin/repo_create_update.py", 
line 124, in run
     ids.TYPE_ID_IMPORTER_YUM, importer_config, distributors
   File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", 
line 92, in create_and_configure
     return self.server.POST(path, repo_data)
   File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 
99, in POST
     return self._request('POST', path, body=body, 
ensure_encoding=ensure_encoding)
   File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 
143, in _request
     response_code, response_body = self.server_wrapper.request(method, 
url, body)
   File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 
326, in request
     raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, 'sslv3 alert handshake failure', None)

# rpm -qa|grep pulp
pulp-server-2.4.2-1.el6.noarch
pulp-admin-client-2.4.2-1.el6.noarch
python-isodate-0.5.0-4.pulp.el6.noarch
m2crypto-0.21.1.pulp-8.el6.x86_64
pulp-selinux-2.4.2-1.el6.noarch
python-rhsm-1.8.0-2.pulp.el6.x86_64
createrepo-0.9.9-21.2.pulp.el6.noarch
mod_wsgi-3.4-1.pulp.el6.x86_64
python-pulp-common-2.4.2-1.el6.noarch
python-kombu-3.0.15-12.pulp.el6.noarch
python-pulp-bindings-2.4.2-1.el6.noarch
pulp-rpm-admin-extensions-2.4.2-1.el6.noarch
pulp-rpm-plugins-2.4.2-1.el6.noarch
python-pulp-rpm-common-2.4.2-1.el6.noarch
python-pulp-client-lib-2.4.2-1.el6.noarch