thomaspatzke
Installing Requirements-proxy break Encrypted connections
When I tried to install elastic-burp i encountered an error while installing the requirements. Within the requirements-proxy the dependency cryptography==2.8 is specified.
This leads to error: ERROR: pyopenssl 19.1.0 has requirement cryptography>=2.8, but you'll have cryptography 1.8.1 which is incompatible.
After that pip does not work anymore due to the following error: Error WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /simple/elasticsearch/
Steps to reproduce
virtualenv venv
source venv/bin/activate
pip install -r requirements-proxy.txt # includes the dependency error
pip install -r -r requirements-proxy.txt # Repeat of the previously working command (now fails)
(My) solution
Removing the stickied version from cryptography within the requirements-proxy.txt seemed to resolve the problem.
New requirements-proxy.txt content:
cryptography==2.8
elasticsearch==5.1.0
elasticsearch-dsl==5.1.0
pymiproxy==1.0
pyparsing==2.2.0
six==1.10.0
tzlocal==1.3
Pip freeze output afterwards
cffi==1.14.0
cryptography==2.8
elasticsearch==6.0.0
elasticsearch-dsl==6.0.0
enum34==1.1.9
ipaddress==1.0.23
pycparser==2.19
pymiproxy==1.0
pyOpenSSL==19.1.0
pyparsing==2.2.0
python-dateutil==2.8.1
pytz==2019.3
six==1.10.0
tzlocal==1.3
urllib3==1.22
Remarks
On a sidenote, there is still elasticsearch==5.1.0 and elasticsearch-dsl==5.1.0 specified within the requirements-proxy.txt, which causes Issue #12 for the Burp plugin.
