0

I am using python3.4 and everything works well as expected until i install Spirent STC (even Avalanche). These are the traffic generators and have their own PYTHONPATH to update. I just kept my original PYTHONPATH and clubbed this one during env export. What's really bothering me here, Spirent starts working fine and SSH connection to any other device starts failing here. Kindly see my log below.

2017-01-06T10:18:53: %ROOT-INFO: | Connecting to iLinux                                                                                       |
2017-01-06T10:18:53: %ROOT-INFO: +************************************************************************************************************+
2017-01-06T10:18:53: %ROOT-INFO:
2017-01-06T10:18:53: %PARAMIKO-DEBUG: starting thread (client mode): 0xf47751ec
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Local version/idstring: SSH-2.0-paramiko_2.0.2
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Remote version/idstring: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
2017-01-06T10:18:53: %PARAMIKO-INFO: Connected (version 2.0, client OpenSSH_6.7p1)
2017-01-06T10:18:53: %PARAMIKO-DEBUG: kex algos:['curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ssh-ed25519'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'chacha20-poly1305@openssh.com'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', 'chacha20-poly1305@openssh.com'] client mac:['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] server mac:['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Kex agreed: diffie-hellman-group14-sha1
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Cipher agreed: aes128-ctr
2017-01-06T10:18:53: %PARAMIKO-DEBUG: MAC agreed: hmac-sha2-256
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Compression agreed: none
2017-01-06T10:18:54: %PARAMIKO-ERROR: Unknown exception: /ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/bindings/_openssl.cpython-34m.so: symbol SSL_SESSION_set1_id_context, version libssl.so.10 not defined in file libssl.so.10 with link time reference
2017-01-06T10:18:54: %PARAMIKO-ERROR: Traceback (most recent call last):
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/transport.py", line 1774, in run
2017-01-06T10:18:54: %PARAMIKO-ERROR:     self.kex_engine.parse_next(ptype, m)
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/kex_group1.py", line 75, in parse_next
2017-01-06T10:18:54: %PARAMIKO-ERROR:     return self._parse_kexdh_reply(m)
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/kex_group1.py", line 111, in _parse_kexdh_reply
2017-01-06T10:18:54: %PARAMIKO-ERROR:     self.transport._verify_key(host_key, sig)
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/transport.py", line 1619, in _verify_key
2017-01-06T10:18:54: %PARAMIKO-ERROR:     key = self._key_info[self.host_key_type](Message(host_key))
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/rsakey.py", line 58, in __init__
2017-01-06T10:18:54: %PARAMIKO-ERROR:     ).public_key(default_backend())
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 41, in default_backend
2017-01-06T10:18:54: %PARAMIKO-ERROR:     _default_backend = MultiBackend(_available_backends())
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 28, in _available_backends
2017-01-06T10:18:54: %PARAMIKO-ERROR:     "cryptography.backends"
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 27, in <listcomp>
2017-01-06T10:18:54: %PARAMIKO-ERROR:     for ep in pkg_resources.iter_entry_points(
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/pkg_resources/__init__.py", line 2235, in resolve
2017-01-06T10:18:54: %PARAMIKO-ERROR:     module = __import__(self.module_name, fromlist=['__name__'], level=0)
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
2017-01-06T10:18:54: %PARAMIKO-ERROR:     from cryptography.hazmat.backends.openssl.backend import backend
2017-01-06T10:18:54: %PARAMIKO-ERROR:   File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 46, in <module>
2017-01-06T10:18:54: %PARAMIKO-ERROR:     from cryptography.hazmat.bindings._openssl import ffi as _ffi
2017-01-06T10:18:54: %PARAMIKO-ERROR: ImportError: /ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/bindings/_openssl.cpython-34m.so: symbol SSL_SESSION_set1_id_context, version libssl.so.10 not defined in file libssl.so.10 with link time reference

I am using CentOS release 6.8 (Final) uname -a 1-photon SMP Fri Apr 22 22:28:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

(ssp_pyAts) [pusnaik@pusnaik-40042-prod STC_Scripts]$ rpm -qa | grep openssl
openssl-1.0.1e-48.el6_8.3.x86_64
openssl-devel-1.0.1e-48.el6_8.3.i686
openssl-devel-1.0.1e-48.el6_8.3.x86_64
openssl-1.0.1e-48.el6_8.3.i686

I noticed this as well:

1) Recommendation of openssl instead of against openssl10 (already in my system). 2) Fully update the the openssl and openssl-devil ( I did) 3) Edit  etc/yum.repos.d/ius-archive.repo to enable the ius archive , but we don’t have ius archive reference in above path. 4) yum install yum-plugin-replace (workspace) [root@pusnaik-40042-prod ~]# yum replace openssl --replace-with openssl10 Loaded plugins: fastestmirror, ovl, refresh-packagekit Usage: yum [options] COMMAND

Can i know, if I am really missing something ? All this starts happening when i set my Spirent path.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
Pushparaj Naik
  • 1
  • 1

1 Answers1

0

openssl10 is older than stock openssl, there is literally no benefit it using it. It is no longer maintained (hence being in the IUS archive) and has multiple known vulnerabilities, including heartbleed.

It appears that the application you are trying to use was built against the newer stock openssl, which has additional capabilities that the deprecated openssl10 does not have. Switching back to stock openssl should take care of your issue.

carlwgeorge
  • 514
  • 3
  • 10