SSL-error when programmatically stop and start service Pro 3.1

1657
2
03-16-2023 11:35 AM
MichaelVolz
Esteemed Contributor

I have a simple ArcGIS API for Python script to stop and start Portal services that was working on a Windows Server with Pro 2.9.5 installed on it.  I upgraded to Pro 3.1 and now I get the following error "SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED"

Has anyone updated a similar type of script to Pro 3.1 and seen a similar failure?  If so, was there anything you could do besides downgrading the Pro software to resolve this issue?

Any feedback is greatly appreciated.  Thanks.

2 Replies
HannesGrothkopf
Occasional Contributor

Hi Michael,

 

I can confirm this behaviour. We recently upgraded the ArcGIS PRO installation on a Windows terminal server from version 2.9.6 to 3.1.1 and all our python tasks using arcgis.gis.GIS to connect to our portals stopped working with the named error.

It seems like the option "verify_cert" is being ignored, as we have set this to false.

The connection is established like this.

 

from arcgis.gis import GIS
GIS(url="[PORTAL_DNS]:7443/arcgis", username=adminUser, password=adminPass, key_file=None, cert_file=None, verify_cert=False)

 

 

There is no difference when connecting to the portal using the webadaptor or not (port 7443 or 443).

Error (verify_cert=False)

 

Setting `verify_cert` to False is a security risk, use at your own risk.
Error: Could not initialize PortalManager. Please set verify_cert=False due to encountered SSL error: HTTPSConnectionPool(host='[PORTAL_DNS]', port=7443): Max retries exceeded with url: /arcgis/sharing/rest/info?f=json (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1129)')))

 

Error (verify_cert=True)

 

Error: Could not initialize PortalManager. Please set verify_cert=False due to encountered SSL error: HTTPSConnectionPool(host='[PORTAL_DNS]', port=7443): Max retries exceeded with url: /arcgis/sharing/rest/info?f=json (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1129)')))

 

Error (verify_cert=True, using webadaptor URL)

 

Error: Could not initialize PortalManager. Please set verify_cert=False due to encountered SSL error: HTTPSConnectionPool(host='[PORTAL_DNS]', port=443): Max retries exceeded with url: /arcgis/sharing/rest/info?f=json (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1129)')))

 

("PortalManager" is our internal python class used to establish the connection)

 

Funny thing is, that this error occures only with our staging portal, not with our production portal. Both portals are on enterprise version 11.1 and (should) be configured 100% identically with IWA activated.

The python skript version and windows task user used for both portals are the same. And both are run with the same python environment from the updated ArcGIS PRO installation.

 

kind regards,

Hannes Grothkopf

0 Kudos
HannesGrothkopf
Occasional Contributor

This issue seems to be related to a an upgrade of the underlying openssl version.

"ESRI has moved ArcGIS Pro 3.0.2+ to OpenSSL version 3.x and cryptography version 37.0.2"

https://community.esri.com/t5/arcgis-api-for-python-questions/fs-overwrite-script-stopped-working-af...

0 Kudos