Peeps :
Not exactly a python issue, but I'm looking for a python based work around :
If I try to get data from nomads.ncep.noaa.gov, I get an error message :
error:0A000152:SSL routines::unsafe legacy renegotiation disabled
I've encountered this because Fedora recently moved to "OpenSSL 3.0",
which disables SSL_OP_LEGACY_SERVER_CONNECT
You can see this (on a machine running OpenSSL 3.0) by doing :
ncdump -h http://nomads.ncep.noaa.gov/dods/gfs_1p00/gfs20220624/gfs_1p00_00z
... or by running the attached python code.
This is because the nomads.ncep.noaa.gov GrADS server doesn't do RFC
5746 (so this might be nomads admin issue ... or GrADS server problem,
but I suspect this would take a long time to upgrade).
You can see also this by doing :
openssl s_client -connect nomads.ncep.noaa.gov:443
... and noticing : "Secure Renegotiation IS NOT supported"
This can be worked around by creating an OpenSSL config file and
setting "Options = UnsafeLegacyRenegotiation" and then setting
OPENSSL_CONF to this config file, but that's a bit ugly. It would be
nice to just set UnsafeLegacyRenegotiation for nomads, but I don't see
how to do that.
But I'm looking for a python workaround that I can put in my code
(that will work w/ netcdf & xarray).
Thanks,
Ken
# nomads.ncep.noaa.gov GrADS server SSL server does not support the
Renegotiation Indication Extension (RFC 5746)
# openssl s_client -connect nomads.ncep.noaa.gov:443 # shows "Secure
Renegotiation IS NOT supported" in the output
import datetime, xarray
dt0 = datetime.datetime.utcnow() - datetime.timedelta(days=2)
nomads2 = 'gfs_1p00/gfs{dt:%Y%m%d}/gfs_1p00_00z' # GFS 1.0 deg # XXX hack : H
hardcoded
ds0 = xarray.open_dataset(('https://nomads.ncep.noaa.gov/dods/' +
nomads2).format(dt=dt0)) # * error:0A000152:SSL routines::unsafe legacy
renegotiation disabled
print(ds0)
