During an internal security audit at our company, we faced false-positive security scan results for our IBM PA model ports.
To fix this, we followed the IBM tech note https://www.ibm.com/docs/en/planning-an ... rity-scans
And added a list of cipher suites to the Admin Server parameter and to the model .cfg file.
After that sslv3 handshake errors began to appear in our python scripts:
Code: Select all
requests.exceptions.SSLError: HTTPSConnectionPool(host='0.0.0.0.0', port=0000): Max retries exceeded with url: /api/v1/Configuration/ProductVersion/$value (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1000)')))We tried changing different sets of cipher suites but it didn't help at all.
Also found that there is a way to change default ssl-context in requests lib.
But we use TM1Service() for auth and requests lib is wrapped around deeply into TM1Py library.
Our environment details:
TM1 2.0.9.19, auth mode 5
Python 3.12.3
TM1Py 2.0.4
urllib3 2.2.3
requests 2.32.3
Sample python code for tests:
Code: Select all
from TM1py.Services import TM1Service
address = "0.0.0.0"
port = 0000
namespace = ""
user = ""
password =""
# TM1 Connection
with (TM1Service(address=address, port=port, ssl=True, user=user, password=password, namespace=namespace )) as tm1:
server_name = tm1.server.get_server_name()
print(server_name)P.S. We accidentally figured out that it works well with python 3.9.7
But we cannot go back to the previous version of python at prod env for a number of reasons.
Any help would be appreciated!
Andre