(OMERO) IceSSL: unable to set ciphers

Hi Josh,

Thanks for the guidance. However, it seems not working properly?
Do you have any problem like this?
Best regards,
John

~/miniconda3/envs/py36/lib/python3.6/site-packages/Ice.py in initialize(args, data)
    703 the list that were recognized by the Ice run time.
    704 '''
--> 705     communicator = IcePy.Communicator(args, data)
    706     return CommunicatorI(communicator)
    707 

PluginInitializationException: exception ::Ice::PluginInitializationException
{
    reason = IceSSL: unable to set ciphers using `HIGH:ADH:@SECLEVEL=0':
invalid command
}

There are a few threads on the forums about this:

You might try read through those and compare your particular deployment platform.

~Josh

Hi @joshmoore,

The following script did help to get rid of the error message, however, the connection fails (returns false).
Do you have solution for that as well?
Best regards,
John

-self._optSetProp(id, prop, "HIGH:ADH:@SECLEVEL=0")
+self._optSetProp(id, prop, "ADH:!LOW:!MD5:!EXP:!3DES:@STRENGTH")

Hi @John_Xu,

Hmmm, not offhand. Can you show us the entire script? Are there any error messages in the server logs?

~Josh

I was playing around a bit with various options. The cipher setting seems to be very much determined by the openssl version installed. I have version 1.1.0l (Debian 9) and the setting ‘HIGH:ADH’ (without the ‘@SECLEVEL=0’ bit) seems to work.

Regards,
Dominik

Hi @joshmoore,

I didn’t check the logs yet. The code is simple like this, it returns false however the same code in python2 will give me true.

@dominikl “HIGH:ADH” doesn’t work as well, I am working on Centos 7.

In [1]: from omero.gateway import BlitzGateway 
   ...: conn = BlitzGateway('john', 'john', port=4064, host="localhost") 
   ...: conn.connect()                                                          
Out[1]: False

These are the logs from Bliitz-0.log

2019-10-25 13:36:00,001 INFO  [ ome.services.blitz.fire.SessionManagerI] (1-thread-5) Performing requestHeartbeats
2019-10-25 13:36:18,304 INFO  [ome.services.sessions.state.SessionCache] (1-thread-4) Synchronizing session cache. Count = 3
2019-10-25 13:36:18,304 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[9c3a07c6-435a-49cd-964f-1bbc9b208bdd]
2019-10-25 13:36:18,305 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,306 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,313 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578305] time[8] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[22ae423d-cafe-41cc-96a7-214fdd26cf55]
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,314 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,320 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578313] time[7] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,320 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,321 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[09604136-fda3-431d-b8d4-98902f3a53c9]
2019-10-25 13:36:18,321 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,322 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,326 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578321] time[5] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,327 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,327 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578304] time[22] tag[omero.sessions.synchronization]
2019-10-25 13:36:18,327 INFO  [ome.services.sessions.state.SessionCache] (1-thread-4) Synchronization took 22 ms.
2019-10-25 13:38:18,304 INFO  [ome.services.sessions.state.SessionCache] (1-thread-1) Synchronizing session cache. Count = 3
2019-10-25 13:38:18,304 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[9c3a07c6-435a-49cd-964f-1bbc9b208bdd]
2019-10-25 13:38:18,305 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,306 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,314 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698305] time[9] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[22ae423d-cafe-41cc-96a7-214fdd26cf55]
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,316 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,322 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698314] time[7] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[09604136-fda3-431d-b8d4-98902f3a53c9]
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,323 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,329 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698322] time[6] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,329 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,329 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698304] time[24] tag[omero.sessions.synchronization]
2019-10-25 13:38:18,329 INFO  [ome.services.sessions.state.SessionCache] (1-thread-1) Synchronization took 24 ms.
2019-10-25 13:39:00,001 INFO  [ ome.services.blitz.fire.SessionManagerI] (1-thread-2) Performing requestHeartbeats

Could you paste the output of

  • rpm -qai 'openssl*'
  • conda info
  • conda list

Thanks

Hi @manics,

Many thanks for the help!

There are the information require.

Best regards,
John

~$ rpm -qai 'openssl*'
Name        : openssl-libs
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Wed 16 Oct 2019 17:09:03 BST
Group       : System Environment/Libraries
Size        : 3208684
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:33 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : A general purpose cryptography library with TLS implementation
Description :
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
Name        : openssl-devel
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Mon 21 Oct 2019 16:53:08 BST
Group       : Development/Libraries
Size        : 3268775
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:32 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : Files for development of applications which will use OpenSSL
Description :
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.
Name        : openssl
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Wed 16 Oct 2019 17:09:47 BST
Group       : System Environment/Libraries
Size        : 833707
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:31 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

for condo info

     active environment : py36
    active env location :~/miniconda3/envs/py36
            shell level : 1
       user config file : ~/.condarc
 populated config files : 
          conda version : 4.7.12
    conda-build version : not installed
         python version : 3.7.3.final.0
       virtual packages : __cuda=10.2
       base environment : ~/miniconda3  (writable)
           channel URLs : https://repo.anaconda.com/pkgs/main/linux-64
                          https://repo.anaconda.com/pkgs/main/noarch
                          https://repo.anaconda.com/pkgs/r/linux-64
                          https://repo.anaconda.com/pkgs/r/noarch
          package cache : ~/miniconda3/pkgs
                          ~/.conda/pkgs
       envs directories : ~/miniconda3/envs
                          ~/.conda/envs
               platform : linux-64
             user-agent : conda/4.7.12 requests/2.21.0 CPython/3.7.3 Linux/3.10.0-957.27.2.el7.x86_64 centos/7.7.1908 glibc/2.17
                UID:GID : 11621:10041
             netrc file : None
           offline mode : False

Conda List

:~$ conda list
# packages in environment at ~/miniconda3/envs/py36:
#
# Name                    Version                   Build  Channel
_libgcc_mutex             0.1                        main  
attrs                     19.3.0                   pypi_0    pypi
backcall                  0.1.0                    pypi_0    pypi
bleach                    3.1.0                    pypi_0    pypi
ca-certificates           2019.5.15                     1  
certifi                   2019.6.16                py36_1  
cffi                      1.13.1                   pypi_0    pypi
decorator                 4.4.0                    pypi_0    pypi
defusedxml                0.6.0                    pypi_0    pypi
docutils                  0.15.2                   pypi_0    pypi
entrypoints               0.3                      pypi_0    pypi
filelock                  3.0.12                   pypi_0    pypi
future                    0.18.1                   pypi_0    pypi
importlib-metadata        0.23                     pypi_0    pypi
ipykernel                 5.1.3                    pypi_0    pypi
ipython                   7.8.0                    pypi_0    pypi
ipython-genutils          0.2.0                    pypi_0    pypi
jedi                      0.15.1                   pypi_0    pypi
jinja2                    2.10.3                   pypi_0    pypi
json5                     0.8.5                    pypi_0    pypi
jsonschema                3.1.1                    pypi_0    pypi
jupyter-client            5.3.4                    pypi_0    pypi
jupyter-core              4.6.1                    pypi_0    pypi
jupyterlab                1.1.4                    pypi_0    pypi
jupyterlab-server         1.0.6                    pypi_0    pypi
libedit                   3.1.20181209         hc058e9b_0  
libffi                    3.2.1                hd88cf55_4  
libgcc-ng                 9.1.0                hdf63c60_0  
libstdcxx-ng              9.1.0                hdf63c60_0  
markupsafe                1.1.1                    pypi_0    pypi
mistune                   0.8.4                    pypi_0    pypi
more-itertools            7.2.0                    pypi_0    pypi
nbconvert                 5.6.1                    pypi_0    pypi
nbformat                  4.4.0                    pypi_0    pypi
ncurses                   6.1                  he6710b0_1  
notebook                  6.0.1                    pypi_0    pypi
omego                     0.6.5                    pypi_0    pypi
omero-py                  5.5.dev1                  dev_0    <develop>
openssl                   1.1.1c               h7b6447c_1  
packaging                 19.2                     pypi_0    pypi
pandocfilters             1.4.2                    pypi_0    pypi
parso                     0.5.1                    pypi_0    pypi
pexpect                   4.7.0                    pypi_0    pypi
pickleshare               0.7.5                    pypi_0    pypi
pillow                    6.2.1                    pypi_0    pypi
pip                       19.3.1                   pypi_0    pypi
pluggy                    0.13.0                   pypi_0    pypi
prometheus-client         0.7.1                    pypi_0    pypi
prompt-toolkit            2.0.10                   pypi_0    pypi
ptyprocess                0.6.0                    pypi_0    pypi
py                        1.8.0                    pypi_0    pypi
pycparser                 2.19                     pypi_0    pypi
pygments                  2.4.2                    pypi_0    pypi
pyparsing                 2.4.2                    pypi_0    pypi
pyrsistent                0.15.4                   pypi_0    pypi
python                    3.6.9                h265db76_0  
python-dateutil           2.8.0                    pypi_0    pypi
pyvips                    2.1.8                    pypi_0    pypi
pyzmq                     18.1.0                   pypi_0    pypi
readline                  7.0                  h7b6447c_5  
restructuredtext-lint     1.3.0                    pypi_0    pypi
send2trash                1.5.0                    pypi_0    pypi
setuptools                41.0.1                   py36_0  
six                       1.12.0                   pypi_0    pypi
sqlite                    3.29.0               h7b6447c_0  
terminado                 0.8.2                    pypi_0    pypi
testpath                  0.4.2                    pypi_0    pypi
tk                        8.6.8                hbc83047_0  
toml                      0.10.0                   pypi_0    pypi
tornado                   6.0.3                    pypi_0    pypi
tox                       3.14.0                   pypi_0    pypi
traitlets                 4.3.3                    pypi_0    pypi
virtualenv                16.7.6                   pypi_0    pypi
wcwidth                   0.1.7                    pypi_0    pypi
webencodings              0.5.1                    pypi_0    pypi
wheel                     0.33.6                   pypi_0    pypi
xz                        5.2.4                h14c3975_4  
yaclifw                   0.2.0                    pypi_0    pypi
zeroc-ice                 3.6.5                    pypi_0    pypi
zipp                      0.6.0                    pypi_0    pypi
zlib                      1.2.11               h7b6447c_3  

Hi John

It looks like there are problems when pip installing zeroc-ice 3.6.5 into a CentOS7 conda environment. We’re working on a conda package for zeroc-ice (and eventually also omero-py), but in the meantime I recommend using the CentOS7 Python3 package instead:

yum install -y \
    python3 \
    python3-devel \
    gcc \
    gcc-c++ \
    libdb-utils \
    bzip2-devel \
    expat-devel \
    openssl-devel

python3 -mvenv venv
. venv/bin/activate
pip install zeroc-ice==3.6.5

If you’re running CentOS 7.5 or older python3 isn’t in the default repos but you can obtain it from the SCL repos instead

Hi @manics,

Many thanks for the help!
In this case, I will wait for the conda zeroc-ice package.

Best regards,
John

@John_Xu In case you missed it we’ve released a conda package: OMERO / Python 3 Rollout Plan

I’ve tested this in a centos:7 Docker image:

curl -sSfLO https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
bash Miniconda3-latest-Linux-x86_64.sh -b

. miniconda3/bin/activate
conda create -y -n omero -c ome omero-py==5.6.dev5
conda activate omero

omero login user@example.openmicroscopy.org
ERROR:omero.gateway:No Pillow installed, line plots and split channel will fail!
Password:
Created session for user@example.openmicroscopy.org:4064. Idle timeout: 10 min. Current group: Lab1

If you just want the Ice Python package: conda install -c ome zeroc-ice36-python

1 Like

Many thanks @manics, I’ve already deployed the 5.6 omero server and the new omero-py(5.6).
But it is still nice to know I can use omero-py without modifying the code.

1 Like

[quote=“manics, post:11, topic:30704”]
If you just want the Ice Python package: conda install -c ome zeroc-ice36-python[/quote]

Thank you! I wish I had seen this earlier, after spending a few hours diagnosing why zero zeroc-ice==3.6.5 did not work with conda. (It seems related conda having its own libssl? I was getting undefined symbols at run time.)

Hi,
we run an omero server 5.6 and I try to connect from a local ubuntu 18.04.03 LTS to the server via omero-py.
On the server I set:
“omero.glacier2.IceSSL.Ciphers=HIGH:ADH:@SECLEVEL=0”

Locally I used a venv and pip installed omero-py.
After:

 omero login

I get this Error message.

InternalException: Failed to connect: exception ::Ice::PluginInitializationException
{
    reason = IceSSL: unable to set ciphers using `HIGH:ADH:@SECLEVEL=0':
invalid command
}

It is possible that the answer was already posted but I wasn’t able to understand it.
Thank you for your help!

Hi Jonas,

you can connect to the server from other machines and/or with other clients (e.g. Insight), right?
Could you check the /etc/ssl/openssl.cnf file, if it contains lines setting MinProtocol or CipherString? That was an issue with Debian 10, wonder if that now happens on Ubuntu as well.

Kind Regards,
Dominik

Hi Dominik,
thank you for the fast answer.
Yes, I can connect easily with OMERO.web, Omero.Insight and even with the Fiji Omero Plugin.
On both machines (server and laptop, both Ubuntu 18.04) I cannot find MinProtocol or CipherString in the openssl.cnf file.
Btw. I am not using conda at my machine. Thus interference should not be a problem.
I also installed ice on my laptop and the version matches the server version.

This is configuration of the server:

================================================================================
OMERO Diagnostics (admin) 5.6.0
================================================================================
        
Commands:   java -version                  11.0.6    (/usr/bin/java)
Commands:   python -V                      3.6.9     (/opt/omero/server/venv3/bin/python -- 2 others)
Commands:   icegridnode --version          3.6.5     (/opt/ice-3.6.5-0.3.0/bin/icegridnode)
Commands:   icegridadmin --version         3.6.5     (/opt/ice-3.6.5-0.3.0/bin/icegridadmin)
Commands:   psql --version                 11.6      (/usr/bin/psql)
Commands:   openssl version                1.1.111   (/usr/bin/openssl)

Server:     icegridnode                    running
Server:     Blitz-0                        active (pid = 20412, enabled)
Server:     DropBox                        inactive (disabled)
Server:     FileServer                     inactive (disabled)
Server:     Indexer-0                      active (pid = 20436, enabled)
Server:     MonitorServer                  inactive (disabled)
Server:     OMERO.Glacier2                 active (pid = 20443, enabled)
Server:     OMERO.IceStorm                 active (pid = 20449, enabled)
Server:     PixelData-0                    active (pid = 20447, enabled)
Server:     Processor-0                    active (pid = 20479, enabled)
Server:     Tables-0                       inactive (disabled)
Server:     TestDropBox                    inactive (enabled)
Log dir:    /opt/omero/server/OMERO.server/var/log exists
Log files:  Blitz-0.log                    57.2 MB       errors=9    warnings=78  
Log files:  Blitz-0.log.save               14.2 MB       errors=3    warnings=43  
Log files:  DropBox.log                    n/a
Log files:  FileServer.log                 n/a
Log files:  Indexer-0.log                  124.2 KB      errors=0    warnings=8   
Log files:  MonitorServer.log              n/a
Log files:  PixelData-0.log                44.8 KB       errors=0    warnings=8   
Log files:  Processor-0.log                593.7 KB      errors=0    warnings=9   
Log files:  Tables-0.log                   n/a
Log files:  TestDropBox.log                n/a
Log files:  master.err                     240.8 KB      errors=0    warnings=5   
Log files:  master.out                     empty
Log files:  Total size                     72.43 MB


Environment:OMERO_HOME=(unset)             
Environment:OMERODIR=/opt/omero/server/OMERO.server 
Environment:OMERO_NODE=(unset)             
Environment:OMERO_MASTER=(unset)           
Environment:OMERO_USERDIR=(unset)          
Environment:OMERO_TMPDIR=(unset)           
Environment:PATH=/opt/omero/server/venv3/bin:/home/omero/.local/bin:/opt/omero/server/venv3/bin:/opt/ice-3.6.5-0.3.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin 
Environment:PYTHONPATH=(unset)             
Environment:ICE_HOME=/opt/ice-3.6.5-0.3.0  
Environment:LD_LIBRARY_PATH=(unset)        
Environment:DYLD_LIBRARY_PATH=(unset)      

OMERO SSL port:4064                           
OMERO TCP port:4063                           
OMERO data dir:'/OMERO_NFS'                   Exists? True	Is writable? True
OMERO temp dir:'/home/omero/omero/tmp'        Exists? True	Is writable? True   (Size: 0)

JVM settings: Blitz-${index}                -Xmx7200m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: Indexer-${index}              -Xmx4800m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: PixelData-${index}            -Xmx7200m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: Repository-${index}           -Xmx4800m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions

I wonder if the OMERO command line client somehow falls back to a non supported cipher.
Could you try this little python script and see if that works. If it doesn’t you’ll hopefully at least get a more detailed error message.

import omero

c = omero.client(host="<HOSTNAME>", port=4064, args=[
    '--IceSSL.Trace.Security=1',
    '--IceSSL.Ciphers=HIGH:ADH:@SECLEVEL=0'
])

c.createSession("<USERNAME>","<PASSWORD>")
print("Connected.")
c.closeSession()

Thanks for still thinking about my problem!
Well, I got a more detailed error message. I named the script “SimpleConnector.py”. But the error message doesn’t say much to me.
Is it a problem you can reproduce or might it be specific to my situation?

Traceback (most recent call last):
  File "###/SimpleConnector.py", line 11, in <module>
    '--IceSSL.Ciphers=HIGH:ADH:@SECLEVEL=0'
  File "###/omero_venv/lib/python3.6/site-packages/omero/__init__.py", line 67, in client
    return omero.clients.BaseClient(*args, **kwargs)
  File "###/omero_venv/lib/python3.6/site-packages/omero/clients.py", line 170, in __init__
    self._initData(id)
  File "###/omero_venv/lib/python3.6/site-packages/omero/clients.py", line 297, in _initData
    self.__ic = Ice.initialize(id)
  File "###/omero_venv/lib/python3.6/site-packages/Ice.py", line 705, in initialize
    communicator = IcePy.Communicator(args, data)
Ice.PluginInitializationException: exception ::Ice::PluginInitializationException
{
    reason = IceSSL: unable to set ciphers using `HIGH:ADH:@SECLEVEL=0':
error # = 336486680
message = error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command
location = ssl_ciph.c, 1378
}

Running out of ideas… I tried to replicate the problem on a fresh Ubuntu 18.04 VM, but couldn’t, everything works like expected. Do we have different openssl versions maybe?
I used openssl-1.1.1-1ubuntu2.1~18.04.5 and libssl-dev-1.1.1-1ubuntu2.1~18.04.5 .

@jonas Could you please try running:

openssl ciphers HIGH
openssl ciphers ADH
openssl ciphers ADH:@SECLEVEL=0