(OMERO) IceSSL: unable to set ciphers

Hi Josh,

Thanks for the guidance. However, it seems not working properly?
Do you have any problem like this?
Best regards,
John

~/miniconda3/envs/py36/lib/python3.6/site-packages/Ice.py in initialize(args, data)
    703 the list that were recognized by the Ice run time.
    704 '''
--> 705     communicator = IcePy.Communicator(args, data)
    706     return CommunicatorI(communicator)
    707 

PluginInitializationException: exception ::Ice::PluginInitializationException
{
    reason = IceSSL: unable to set ciphers using `HIGH:ADH:@SECLEVEL=0':
invalid command
}

There are a few threads on the forums about this:

You might try read through those and compare your particular deployment platform.

~Josh

Hi @joshmoore,

The following script did help to get rid of the error message, however, the connection fails (returns false).
Do you have solution for that as well?
Best regards,
John

-self._optSetProp(id, prop, "HIGH:ADH:@SECLEVEL=0")
+self._optSetProp(id, prop, "ADH:!LOW:!MD5:!EXP:!3DES:@STRENGTH")

Hi @John_Xu,

Hmmm, not offhand. Can you show us the entire script? Are there any error messages in the server logs?

~Josh

I was playing around a bit with various options. The cipher setting seems to be very much determined by the openssl version installed. I have version 1.1.0l (Debian 9) and the setting ‘HIGH:ADH’ (without the ‘@SECLEVEL=0’ bit) seems to work.

Regards,
Dominik

Hi @joshmoore,

I didn’t check the logs yet. The code is simple like this, it returns false however the same code in python2 will give me true.

@dominikl “HIGH:ADH” doesn’t work as well, I am working on Centos 7.

In [1]: from omero.gateway import BlitzGateway 
   ...: conn = BlitzGateway('john', 'john', port=4064, host="localhost") 
   ...: conn.connect()                                                          
Out[1]: False

These are the logs from Bliitz-0.log

2019-10-25 13:36:00,001 INFO  [ ome.services.blitz.fire.SessionManagerI] (1-thread-5) Performing requestHeartbeats
2019-10-25 13:36:18,304 INFO  [ome.services.sessions.state.SessionCache] (1-thread-4) Synchronizing session cache. Count = 3
2019-10-25 13:36:18,304 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[9c3a07c6-435a-49cd-964f-1bbc9b208bdd]
2019-10-25 13:36:18,305 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,306 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,313 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578305] time[8] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[22ae423d-cafe-41cc-96a7-214fdd26cf55]
2019-10-25 13:36:18,313 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,314 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,320 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578313] time[7] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,320 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,321 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[09604136-fda3-431d-b8d4-98902f3a53c9]
2019-10-25 13:36:18,321 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:36:18,322 INFO  [         ome.security.basic.EventHandler] (1-thread-4)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:36:18,326 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578321] time[5] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:36:18,327 INFO  [        ome.services.util.ServiceHandler] (1-thread-4)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:36:18,327 INFO  [                 org.perf4j.TimingLogger] (1-thread-4) start[1572010578304] time[22] tag[omero.sessions.synchronization]
2019-10-25 13:36:18,327 INFO  [ome.services.sessions.state.SessionCache] (1-thread-4) Synchronization took 22 ms.
2019-10-25 13:38:18,304 INFO  [ome.services.sessions.state.SessionCache] (1-thread-1) Synchronizing session cache. Count = 3
2019-10-25 13:38:18,304 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[9c3a07c6-435a-49cd-964f-1bbc9b208bdd]
2019-10-25 13:38:18,305 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,306 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,314 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698305] time[9] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[22ae423d-cafe-41cc-96a7-214fdd26cf55]
2019-10-25 13:38:18,314 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,316 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,322 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698314] time[7] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.reload[09604136-fda3-431d-b8d4-98902f3a53c9]
2019-10-25 13:38:18,322 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Args:	[null, InternalSF@1385623564]
2019-10-25 13:38:18,323 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:	user=0,group=0,event=null(Sessions),sess=09604136-fda3-431d-b8d4-98902f3a53c9
2019-10-25 13:38:18,329 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698322] time[6] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$6.doWork]
2019-10-25 13:38:18,329 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Rslt:	(ome.model.meta.Experimenter:Id_0, ome.model.meta.ExperimenterGroup:Id_0, (ome.model.enums.AdminPrivilege:Sudo:Hash_-112640247, ome.model.enums.AdminPrivilege:ModifyGroupMembership:Hash_-1527772169, ome.model.enums.AdminPrivilege:WriteScriptRepo:Hash_1787880568, ... 12 more), ... 5 more)
2019-10-25 13:38:18,329 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1572010698304] time[24] tag[omero.sessions.synchronization]
2019-10-25 13:38:18,329 INFO  [ome.services.sessions.state.SessionCache] (1-thread-1) Synchronization took 24 ms.
2019-10-25 13:39:00,001 INFO  [ ome.services.blitz.fire.SessionManagerI] (1-thread-2) Performing requestHeartbeats

Could you paste the output of

  • rpm -qai 'openssl*'
  • conda info
  • conda list

Thanks

Hi @manics,

Many thanks for the help!

There are the information require.

Best regards,
John

~$ rpm -qai 'openssl*'
Name        : openssl-libs
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Wed 16 Oct 2019 17:09:03 BST
Group       : System Environment/Libraries
Size        : 3208684
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:33 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : A general purpose cryptography library with TLS implementation
Description :
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
Name        : openssl-devel
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Mon 21 Oct 2019 16:53:08 BST
Group       : Development/Libraries
Size        : 3268775
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:32 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : Files for development of applications which will use OpenSSL
Description :
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.
Name        : openssl
Epoch       : 1
Version     : 1.0.2k
Release     : 19.el7
Architecture: x86_64
Install Date: Wed 16 Oct 2019 17:09:47 BST
Group       : System Environment/Libraries
Size        : 833707
License     : OpenSSL
Signature   : RSA/SHA256, Thu 22 Aug 2019 22:37:31 BST, Key ID 24c6a8a7f4a80eb5
Source RPM  : openssl-1.0.2k-19.el7.src.rpm
Build Date  : Fri 09 Aug 2019 02:40:02 BST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

for condo info

     active environment : py36
    active env location :~/miniconda3/envs/py36
            shell level : 1
       user config file : ~/.condarc
 populated config files : 
          conda version : 4.7.12
    conda-build version : not installed
         python version : 3.7.3.final.0
       virtual packages : __cuda=10.2
       base environment : ~/miniconda3  (writable)
           channel URLs : https://repo.anaconda.com/pkgs/main/linux-64
                          https://repo.anaconda.com/pkgs/main/noarch
                          https://repo.anaconda.com/pkgs/r/linux-64
                          https://repo.anaconda.com/pkgs/r/noarch
          package cache : ~/miniconda3/pkgs
                          ~/.conda/pkgs
       envs directories : ~/miniconda3/envs
                          ~/.conda/envs
               platform : linux-64
             user-agent : conda/4.7.12 requests/2.21.0 CPython/3.7.3 Linux/3.10.0-957.27.2.el7.x86_64 centos/7.7.1908 glibc/2.17
                UID:GID : 11621:10041
             netrc file : None
           offline mode : False

Conda List

:~$ conda list
# packages in environment at ~/miniconda3/envs/py36:
#
# Name                    Version                   Build  Channel
_libgcc_mutex             0.1                        main  
attrs                     19.3.0                   pypi_0    pypi
backcall                  0.1.0                    pypi_0    pypi
bleach                    3.1.0                    pypi_0    pypi
ca-certificates           2019.5.15                     1  
certifi                   2019.6.16                py36_1  
cffi                      1.13.1                   pypi_0    pypi
decorator                 4.4.0                    pypi_0    pypi
defusedxml                0.6.0                    pypi_0    pypi
docutils                  0.15.2                   pypi_0    pypi
entrypoints               0.3                      pypi_0    pypi
filelock                  3.0.12                   pypi_0    pypi
future                    0.18.1                   pypi_0    pypi
importlib-metadata        0.23                     pypi_0    pypi
ipykernel                 5.1.3                    pypi_0    pypi
ipython                   7.8.0                    pypi_0    pypi
ipython-genutils          0.2.0                    pypi_0    pypi
jedi                      0.15.1                   pypi_0    pypi
jinja2                    2.10.3                   pypi_0    pypi
json5                     0.8.5                    pypi_0    pypi
jsonschema                3.1.1                    pypi_0    pypi
jupyter-client            5.3.4                    pypi_0    pypi
jupyter-core              4.6.1                    pypi_0    pypi
jupyterlab                1.1.4                    pypi_0    pypi
jupyterlab-server         1.0.6                    pypi_0    pypi
libedit                   3.1.20181209         hc058e9b_0  
libffi                    3.2.1                hd88cf55_4  
libgcc-ng                 9.1.0                hdf63c60_0  
libstdcxx-ng              9.1.0                hdf63c60_0  
markupsafe                1.1.1                    pypi_0    pypi
mistune                   0.8.4                    pypi_0    pypi
more-itertools            7.2.0                    pypi_0    pypi
nbconvert                 5.6.1                    pypi_0    pypi
nbformat                  4.4.0                    pypi_0    pypi
ncurses                   6.1                  he6710b0_1  
notebook                  6.0.1                    pypi_0    pypi
omego                     0.6.5                    pypi_0    pypi
omero-py                  5.5.dev1                  dev_0    <develop>
openssl                   1.1.1c               h7b6447c_1  
packaging                 19.2                     pypi_0    pypi
pandocfilters             1.4.2                    pypi_0    pypi
parso                     0.5.1                    pypi_0    pypi
pexpect                   4.7.0                    pypi_0    pypi
pickleshare               0.7.5                    pypi_0    pypi
pillow                    6.2.1                    pypi_0    pypi
pip                       19.3.1                   pypi_0    pypi
pluggy                    0.13.0                   pypi_0    pypi
prometheus-client         0.7.1                    pypi_0    pypi
prompt-toolkit            2.0.10                   pypi_0    pypi
ptyprocess                0.6.0                    pypi_0    pypi
py                        1.8.0                    pypi_0    pypi
pycparser                 2.19                     pypi_0    pypi
pygments                  2.4.2                    pypi_0    pypi
pyparsing                 2.4.2                    pypi_0    pypi
pyrsistent                0.15.4                   pypi_0    pypi
python                    3.6.9                h265db76_0  
python-dateutil           2.8.0                    pypi_0    pypi
pyvips                    2.1.8                    pypi_0    pypi
pyzmq                     18.1.0                   pypi_0    pypi
readline                  7.0                  h7b6447c_5  
restructuredtext-lint     1.3.0                    pypi_0    pypi
send2trash                1.5.0                    pypi_0    pypi
setuptools                41.0.1                   py36_0  
six                       1.12.0                   pypi_0    pypi
sqlite                    3.29.0               h7b6447c_0  
terminado                 0.8.2                    pypi_0    pypi
testpath                  0.4.2                    pypi_0    pypi
tk                        8.6.8                hbc83047_0  
toml                      0.10.0                   pypi_0    pypi
tornado                   6.0.3                    pypi_0    pypi
tox                       3.14.0                   pypi_0    pypi
traitlets                 4.3.3                    pypi_0    pypi
virtualenv                16.7.6                   pypi_0    pypi
wcwidth                   0.1.7                    pypi_0    pypi
webencodings              0.5.1                    pypi_0    pypi
wheel                     0.33.6                   pypi_0    pypi
xz                        5.2.4                h14c3975_4  
yaclifw                   0.2.0                    pypi_0    pypi
zeroc-ice                 3.6.5                    pypi_0    pypi
zipp                      0.6.0                    pypi_0    pypi
zlib                      1.2.11               h7b6447c_3  

Hi John

It looks like there are problems when pip installing zeroc-ice 3.6.5 into a CentOS7 conda environment. We’re working on a conda package for zeroc-ice (and eventually also omero-py), but in the meantime I recommend using the CentOS7 Python3 package instead:

yum install -y \
    python3 \
    python3-devel \
    gcc \
    gcc-c++ \
    libdb-utils \
    bzip2-devel \
    expat-devel \
    openssl-devel

python3 -mvenv venv
. venv/bin/activate
pip install zeroc-ice==3.6.5

If you’re running CentOS 7.5 or older python3 isn’t in the default repos but you can obtain it from the SCL repos instead

Hi @manics,

Many thanks for the help!
In this case, I will wait for the conda zeroc-ice package.

Best regards,
John

@John_Xu In case you missed it we’ve released a conda package: OMERO / Python 3 Rollout Plan

I’ve tested this in a centos:7 Docker image:

curl -sSfLO https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
bash Miniconda3-latest-Linux-x86_64.sh -b

. miniconda3/bin/activate
conda create -y -n omero -c ome omero-py==5.6.dev5
conda activate omero

omero login user@example.openmicroscopy.org
ERROR:omero.gateway:No Pillow installed, line plots and split channel will fail!
Password:
Created session for user@example.openmicroscopy.org:4064. Idle timeout: 10 min. Current group: Lab1

If you just want the Ice Python package: conda install -c ome zeroc-ice36-python

1 Like

Many thanks @manics, I’ve already deployed the 5.6 omero server and the new omero-py(5.6).
But it is still nice to know I can use omero-py without modifying the code.

1 Like