Difference between revisions of "OpenBIS change of minimal TLS version required for connections"
(Created page with "==Introduction== On the Euler cluster, users can use the PyBIS package to connect to OpenBIS instances. PyBIS uses OpenSSL to make connections from the Euler cluster to OpenBI...") |
(→Introduction) |
||
| Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
| − | On the Euler cluster, users can use the PyBIS package to connect to OpenBIS instances. PyBIS uses OpenSSL to | + | On the Euler cluster, users can use the PyBIS package to connect to OpenBIS instances. PyBIS uses OpenSSL to establish a connection to OpenBIS and uses the TLS protocol for this. Since today, OpenBIS has a requirement that only connections with TLS 1.3 are accepted. The default OpenSSL library on Euler does only support up to TLS 1.2 and therefore almost all versions of PyBIS are not working any more. |
==Workaround== | ==Workaround== | ||
Revision as of 14:05, 30 June 2022
Introduction
On the Euler cluster, users can use the PyBIS package to connect to OpenBIS instances. PyBIS uses OpenSSL to establish a connection to OpenBIS and uses the TLS protocol for this. Since today, OpenBIS has a requirement that only connections with TLS 1.3 are accepted. The default OpenSSL library on Euler does only support up to TLS 1.2 and therefore almost all versions of PyBIS are not working any more.
Workaround
The most recent Python installation on Euler (3.10.4) was built with the newer OpenSSL version provided by CentOS 7.9, which supports TLS 1.3. It has PyBIS 1.36.3 installed (https://scicomp.ethz.ch/wiki/Python_on_Euler#python_gpu.2F3.10.4)
module load gcc/8.2.0 python/3.10.4
All older Python installations can only use TLS 1.2. Therefore if you are using PyBIS on Euler, then please migrate your workflow to Python 3.10.4.
