[Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

[lucid772]

Below is the message I keep seeing in console. I will also mention that when I run the "check now" portion of the update mechanic, I only seem go get progress on 1/10 recipes (as seen in the messages below). Any advise would be great.

10/30/14 5:21:08.465 PM AutoPkgr30196 Processing AdobeFlashPlayer.jss...
10/30/14 5:21:12.976 PM AutoPkgr[30196] [DEBUG](FULL AUTOPKG TRACEBACK) Traceback (most recent call last):
File "/usr/local/bin/autopkg", line 1334, in
sys.exit(main(sys.argv))
File "/usr/local/bin/autopkg", line 1328, in main
exit(subcommands[verb]'function')
File "/usr/local/bin/autopkg", line 1152, in run_recipes
autopackager.process(recipe)
File "/Library/AutoPkg/autopkglib/init.py", line 466, in process
self.env = processor.process()
File "/Library/AutoPkg/autopkglib/init.py", line 295, in process
self.main()
File "/Library/AutoPkg/autopkglib/JSSImporter.py", line 571, in main
ssl_verify=sslVerify, repo_prefs=repos)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 166, in init
self.distribution_points = distribution_points.DistributionPoints(self)
File "/Library/Python/2.7/site-packages/jss/distribution_points.py", line 58, in init
self.response = j.DistributionPoint().retrieve_all()
File "/Library/Python/2.7/site-packages/jss/jss.py", line 314, in DistributionPoint
return self.factory.get_object(DistributionPoint, data)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 451, in get_object
result = self.jss.get(url)
File "/Library/Python/2.7/site-packages/jss/jss.py", line 193, in get
response = self.session.get(url)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 460, in get
return self.request('GET', url, *_kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 448, in request
resp = self.send(prep, *_send_kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 554, in send
r = adapter.send(request, **kwargs)
File "/Library/Python/2.7/site-packages/jss/contrib/requests/adapters.py", line 417, in send
raise SSLError(e, request=request)
jss.contrib.requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
10/30/14 5:21:12.977 PM AutoPkgr[30196] [DEBUG] Completed AutoPkg Task:
/usr/bin/python /usr/local/bin/autopkg run --recipe-list /Users/admin/Library/Application Support/AutoPkgr/recipe_list.txt --report-plist /var/folders/9y/h5clnn9j5vq8zxqrbw58_26w0000gn/T/626C5FB0-D746-4DB9-8CF6-F751F6797692-30196-0001C51BF74B3507

[eahrold]

@lucid772 this is exactly the same thing that was happening in #168.

We never did get it resolved as it ended up being an actual issue with their certificate

you can try running this command from the terminal

defaults write com.github.autopkg JSS_VERIFY_SSL -bool false

It may work for you,
but also you should really test you certificate by running either

openssl s_client -tls1 -connect jss.your.server:8443

or

openssl s_client -ssl3 -connect jss.your.server:8443

And see what it shows.
feel free to post the results and I can maybe put 1 and 1 together.

Thanks,

Eldon

[lucid772]

So I ran the defaults command, and it still produces the same error. openssl s_client -tls1 -connect jss.your.server:8443 (with my server) shows my Self Signed cert on the jss. The ssl3 command errors when I run it.

I should note that I am using a self signed cert, and I have to add a browser exception when launching my JSS from a new browser. I also do own a valid wildcard SSL cert, but was told that I would need to re-enroll each of the enrolled machines if I changed my cert from self signed to the public wildcard SSL.

Any advise would be great :)

[eahrold]

One other thing you could try is to run it manually from the terminal

autopkg run --recipe-list ~/Library/Application\ Support/AutoPkgr/recipe_list.txt --report-plist /tmp/report.plist

If you don't see this error

/Library/Python/2.7/site-packages/jss/contrib/requests/packages/urllib3/connectionpool.py:730: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html (This warning will only appear once by default.)
  InsecureRequestWarning)

Then the preference key is not set correctly, and you should go to your ~/Library/Preferences/com.github.autopkg.plist and double check that the preference stuck
It should look exactly like this...

    <key>JSS_VERIFY_SSL</key>
    <false/>

[lucid772]

1. My plist has that setting, for sure.
2. When I run that terminal command, I get the following output:
   Processing AdobeFlashPlayer.jss...
   Traceback (most recent call last):
   File "/usr/local/bin/autopkg", line 1334, in
   sys.exit(main(sys.argv))
   File "/usr/local/bin/autopkg", line 1328, in main
   exit(subcommands[verb]'function')
   File "/usr/local/bin/autopkg", line 1152, in run_recipes
   autopackager.process(recipe)
   File "/Library/AutoPkg/autopkglib/init.py", line 466, in process
   self.env = processor.process()
   File "/Library/AutoPkg/autopkglib/init.py", line 295, in process
   self.main()
   File "/Library/AutoPkg/autopkglib/JSSImporter.py", line 571, in main
   ssl_verify=sslVerify, repo_prefs=repos)
   File "/Library/Python/2.7/site-packages/jss/jss.py", line 166, in init
   self.distribution_points = distribution_points.DistributionPoints(self)
   File "/Library/Python/2.7/site-packages/jss/distribution_points.py", line 58, in init
   self.response = j.DistributionPoint().retrieve_all()
   File "/Library/Python/2.7/site-packages/jss/jss.py", line 314, in DistributionPoint
   return self.factory.get_object(DistributionPoint, data)
   File "/Library/Python/2.7/site-packages/jss/jss.py", line 451, in get_object
   result = self.jss.get(url)
   File "/Library/Python/2.7/site-packages/jss/jss.py", line 193, in get
   response = self.session.get(url)
   File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 460, in get
   return self.request('GET', url, *_kwargs)
   File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 448, in request
   resp = self.send(prep, *_send_kwargs)
   File "/Library/Python/2.7/site-packages/jss/contrib/requests/sessions.py", line 554, in send
   r = adapter.send(request, **kwargs)
   File "/Library/Python/2.7/site-packages/jss/contrib/requests/adapters.py", line 417, in send
   raise SSLError(e, request=request)
   jss.contrib.requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I should note that I do not get a posted error in AutoPkgr when trying to force the update check, the error in question only appears in the console.

[eahrold]

That's normal. It was a design decision to limit the traceback message to the last line in the UI. Before we did that there were occasions where the traceback was so long the error panel went past the dock and we were unable to click "OK"

---

At this point I'm not sure what's going on.

You should probably head over to https://github.com/sheagcraig/jss-autopkg-addon and post the issue there.

The defaults command should do the trick and you're the second person reporting that it's not.

He may be able to ask you some more specific questions to help diagnose the issue.

Sorry I couldn't be more help.

[eahrold]

Please follow responses here
jssimporter/JSSImporter#9 (comment)