Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When I use the image FROM mcr.microsoft.com/playwright/python:v1.41.0-jammy, I encounter the following error when accessing a certain website: "ssl routines:: unsafe legacy renegotiation disabled." #30922

Closed
libp opened this issue May 21, 2024 · 4 comments
Closed

When I use the image FROM mcr.microsoft.com/playwright/python:v1.41.0-jammy, I encounter the following error when accessing a certain website: "ssl routines:: unsafe legacy renegotiation disabled." #30922

libp opened this issue May 21, 2024 · 4 comments

Comments

@libp
Copy link

libp commented May 21, 2024

Version

mcr.microsoft.com/playwright/python:v1.41.0-jammy

Steps to reproduce

curl https://xxx.oa.com
When I use the image FROM mcr.microsoft.com/playwright/python:v1.41.0-jammy, I encounter the following error when accessing a certain website: "ssl routines:: unsafe legacy renegotiation disabled."

Expected behavior

I expect to succcess response

Actual behavior

"ssl routines:: unsafe legacy renegotiation disabled."

Additional context

No response

Environment

docker 
FROM mcr.microsoft.com/playwright/python:v1.41.0-jammy
@libp
Copy link
Author

libp commented May 21, 2024

I will try to solve this problem. With the following configuration, curl can obtain a normal response, but the Python program still throws an exception.

1.Find the openssl.cnf file (mine is located at: /etc/ssl/openssl.cnf) and add the following content:

[ crypto_policy ]

# BEGIN LOCAL MODIFICATIONS
# <https://bugzilla.redhat.com/show_bug.cgi?id=2072070>
# <https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/issues/42>
Options = UnsafeLegacyServerConnect
# END LOCAL MODIFICATIONS
.include = /etc/crypto-policies/back-ends/opensslcnf.config

2.Create the file /etc/crypto-policies/back-ends/opensslcnf.config and add the following content:

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

ref:
https://stackoverflow.com/questions/71603314/ssl-error-unsafe-legacy-renegotiation-disabled
https://community.arubanetworks.com/discussion/unsafe-legacy-renegotiation-disabled-errors-from-openssl-3

@libp
Copy link
Author

libp commented May 21, 2024

Maybe I should upgrade my Docker image. Which version should I upgrade to in order to solve this issue?

@pavelfeldman
Copy link
Member

Is there a Playwright testing scenario that is broken due to this or do Playwright browsers navigate to the URL fine? It might be that curl needs additional openssl configuration to deal with it that I'm seeing on the internet. It is outside of the scope of Playwright though.

@pavelfeldman
Copy link
Member

We need more information to act on this report. As long as we can't repro it, it is unlikely with can make progress with it. Allow me to close it, but please file a new one and link to this issue when you get back to it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pavelfeldman @libp