1

Inside docker python:3.6.9 container, I get the following error:

Got recoverable error from GET http://jira.url.com/rest/api/2/serverInfo, will retry [3/3]
in 46.27025457189083s. Err: HTTPSConnectionPool(host='jira.url.net', port=443):
Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1,
'[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:852)'),))

On the host there is no issue with the exact same python environment. What's different about the container vs. host environment and how can I fix it?

Jonah
  • 727
  • 5
  • 12
  • You get this for a `http://` URL (no `s`)? – Klaus D. Jan 22 '20 at 16:50
  • is this https://stackoverflow.com/questions/58011032/docker-python-requests-results-in-dh-key-too-small-error applicable? – Shenanigator Jan 22 '20 at 16:51
  • re Klaus, I get the same issue if I put 'http' or 'https' as the URL, – Jonah Jan 22 '20 at 17:00
  • re shenanigator, It is the same version of openssl on both container and host 'OpenSSL 1.1.1d 10 Sep 2019' – Jonah Jan 22 '20 at 17:01
  • actually that isn't true. Checking openssl version this way points to different versions (2018 on host, 2019 on container): https://stackoverflow.com/questions/24323858/python-referencing-old-ssl-version – Jonah Jan 22 '20 at 17:08

1 Answers1

2

couple of related issues:

The version of openssl is different on the container vs. the host, but you need to check the version used by python which might be different from the default version on the path.

in the python3 container:

# openssl version
OpenSSL 1.1.1  11 Sep 2019
# python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.1.1  11 Sep 2018

I wasn't sure how to install another OpenSSL version on the python image, so I just switched to ubuntu:18.04 which has the right version.

Jonah
  • 727
  • 5
  • 12