goeapi icon indicating copy to clipboard operation
goeapi copied to clipboard
verified publisher icon aristanetworks

Need for a parameter to specify cipher suite

Open baobabtr33 opened this issue 9 months ago • 1 comments

I have been getting tls cipher issue when using the goeapi. For some dated Arista EOS (Software image version: 4.26.6M), there are only these https cipher suite available. TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA

However, becuase these suites are not supported by golang - we cannot resolve the tls issue unless we specify the cipher suite. I believe the cipher is dependent on golang, and the are not included in the golang cipher suites because they are vulnerable security-wise.

If you think this is needed, we are willing to fix this issue and merge.

(After upgrading the EOS to 4.32.XM, cipher suites are updated and this library works fine.)

baobabtr33 avatar Mar 28 '25 08:03 baobabtr33

This issue on tls has been mentioned on arista community as well. https://arista.my.site.com/AristaCommunity/s/article/Python-3-10-and-SSLV3-ALERT-HANDSHAKE-FAILURE-error

baobabtr33 avatar Mar 28 '25 08:03 baobabtr33

Please go ahead @baobabtr33

roopeshsn avatar Apr 06 '25 07:04 roopeshsn

The commit below fixes the problem.

Commit cc4d48c

baobabtr33 avatar May 06 '25 07:05 baobabtr33