Distributions: sslv3 alert handshake failure when downloading nodesource gpg apt key

Created on 9 Sep 2016  路  10Comments  路  Source: nodesource/distributions

Our apt installs of node on ubuntu are failing. Did something change?

Failed to download key at https://deb.nodesource.com/gpgkey/nodesource.gpg.key: Request failed: <urlopen error [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure>

Seem to not work for sslv3 anymore.

curl -3 https://deb.nodesource.com/gpgkey/nodesource.gpg.key
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Most helpful comment

Pretty sure this will affect anyone installing node w/ ansible from nodesource. Will have to find a workaround.

All 10 comments

Hi @jamesongithub - we just recently moved repository hosting to CloudFront in order to increase availability and security. See https://github.com/nodesource/distributions/issues/353#issuecomment-245766143 for more information. The latest versions of curl and wget should be able to successfully connect.

Unfortunately we are using ansible / python2.

Pretty sure this will affect anyone installing node w/ ansible from nodesource. Will have to find a workaround.

Hey @jamesongithub did you find a workaround? This is blocking my deploys now

Okay if someone stumbles upon this, it seems if you're on Ubuntu Trusty, using Python 2.7.6, you'll need to bypass Python via e.g. curl: https://github.com/ansible/ansible/issues/9966#issuecomment-246373269

yeah just download the key with wget or curl and import the key manually

FYI: this is still happening, nearly 6mos later.

it was never "fixed" @t-readyroc see the workaround above

Yes @t-readyroc , this wasn't "fixed" nor will it be because it's not broken. We're using the TLS settings that are recommended by AWS for proper security. We don't feel that weakening this to support super old SSL implementations is in the best interests of anybody.

FWIW another solution (on Trusty at least) is to install an updated version of python.

add-apt-repository ppa:jonathonf/python-2.7
apt-get update
apt-get install -y python2.7

then re-run your Ansible play. You may need to purge package lists path (rm -rf /var/lib/apt/lists/*)

Was this page helpful?
0 / 5 - 0 ratings