Python 10+ EOS SSLV3_ALERT_HANDSHAKE_FAILURE

[rifen]

Description of Issue/Question

With Python 10+ the strength of the TLS stack is stronger. You have 2 options it seems:

1. Increase web server cipher suite.
2. Tell the eAPI client to use 'DEFAULT' ciphers.

Our team doesn't make the calls to be able to use option 1 and option 2 NAPALM seems to not support (at least that I am aware of)

eapi supporting documentation: https://pyeapi.readthedocs.io/_/downloads/en/develop/pdf/ (Page 28)

Our pyeapi implementation:

import pyeapi


def connect(switch):
    eapi_param = pyeapi.client.connect(
        transport='https',
        host=switch,
        username=username,
        password=password,
        port=443,
    )
    eapi_param.transport._context.set_ciphers('DEFAULT')
    return pyeapi.client.Node(eapi_param)

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

(Place an x between the square brackets where applicable)

• [x] Yes
• [] No

Setup

napalm version

(Paste verbatim output from pip freeze | grep napalm between quotes below)

We removed NAPALM from this specific use case because it wasn't working but we were using 3.3.1

Network operating system version

(Paste verbatim output from show version - or equivalent - between quotes below)

EOS 4.24.6M

Steps to Reproduce the Issue

1. Install Python 10+
2. Install NAPALM
3. Utilize it with EOS devices.

Error Traceback

(Paste the complete traceback of the exception between quotes below)

 [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure.