Re: [python-users] nomads.ncep.noaa.gov GrADS server SSL server does not support the Renegotiation Indication Extension (RFC 5746)

To: Ken Harris <kjh@xxxxxxxxxxx>
Subject: Re: [python-users] nomads.ncep.noaa.gov GrADS server SSL server does not support the Renegotiation Indication Extension (RFC 5746)
From: Ryan May <rmay@xxxxxxxx>
Date: Mon, 27 Jun 2022 12:24:27 -0600

Hi,

I've never tried to deal with this before, but this stack overflow answer
might be helpful?

https://stackoverflow.com/questions/71603314/ssl-error-unsafe-legacy-renegotiation-disabled

Good luck!

Ryan

On Fri, Jun 24, 2022 at 3:51 PM Ken Harris <kjh@xxxxxxxxxxx> wrote:

> Peeps :
>
> Not exactly a python issue, but I'm looking for a python based work around
> :
>
> If I try to get data from nomads.ncep.noaa.gov, I get an error message :
>
> error:0A000152:SSL routines::unsafe legacy renegotiation disabled
>
> I've encountered this because Fedora recently moved to "OpenSSL 3.0",
> which disables SSL_OP_LEGACY_SERVER_CONNECT
>
> You can see this (on a machine running OpenSSL 3.0) by doing :
>
> ncdump -h
> http://nomads.ncep.noaa.gov/dods/gfs_1p00/gfs20220624/gfs_1p00_00z
>
> ... or by running the attached python code.
>
> This is because the nomads.ncep.noaa.gov GrADS server doesn't do RFC
> 5746 (so this might be nomads admin issue ... or GrADS server problem,
> but I suspect this would take a long time to upgrade).
>
> You can see also this by doing :
>
> openssl s_client -connect nomads.ncep.noaa.gov:443
>
> ... and noticing : "Secure Renegotiation IS NOT supported"
>
> This can be worked around by creating an OpenSSL config file and
> setting "Options = UnsafeLegacyRenegotiation" and then setting
> OPENSSL_CONF to this config file, but that's a bit ugly.  It would be
> nice to just set UnsafeLegacyRenegotiation for nomads, but I don't see
> how to do that.
>
> But I'm looking for a python workaround that I can put in my code
> (that will work w/ netcdf & xarray).
>
> Thanks,
> Ken
> _______________________________________________
> NOTE: All exchanges posted to Unidata maintained email lists are
> recorded in the Unidata inquiry tracking system and made publicly
> available through the web.  Users who post to any of the lists we
> maintain are reminded to remove any personal information that they
> do not want to be made public.
>
>
> python-users mailing list
> python-users@xxxxxxxxxxxxxxxx
> For list information, to unsubscribe, or change your membership options,
> visit: https://www.unidata.ucar.edu/mailing_lists/
>


-- 
Ryan May
Unidata Deputy Director
UCAR
Boulder, CO

References:
- [python-users] nomads.ncep.noaa.gov GrADS server SSL server does not support the Renegotiation Indication Extension (RFC 5746)
  - From: Ken Harris

2022 messages navigation, sorted by:
1. Thread
2. Subject
3. Author
4. Date
5. ↑ Table Of Contents
Search the python-users archives: