Just a quicky, but it caught me out.

I make use of Firefox’s sync server to synchronise bookmarks, passwords etc between computers, but because I do not like the idea of having this stored on a computer that I don’t control, I run my own version of the server on my own hardware.

This was working fine, however after a recent server upgrade syncing stopped working.

On investigation, I found that exceptions were being thrown by the WSGI process, the important part being:

File "/path/to/syncserver/html/local/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 62, in 
     ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'

I did a little bit of digging, and it seems that SSLv3 has been disabled because of the protocol’s vulnerability to the POODLE attack. However, it seems that some of the Python libraries just assume that support is going to be there.

The fix was to edit /path/to/syncserver/html/local/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py itself. Open the file, and go to line 62.

Change it from this:

# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

To this:

# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
#    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

Which removes the mapping (and support) for SSL v3.

Hope this helps!

3 thoughts on “Fixing Firefox Sync on Debian Jessie

Leave a Reply