On Thursday 03 November 2016 12:11:29 Luc Jean wrote:
> (SSL error: called a function you should not call)
> It seems to occur while querying the database.
>
> # django/db/backends/utils.py line 64
> return self.cursor.execute(sql, params)
This would only make sense if you use SSL to connect to the database. I
would actually assume this is just where the exception is first caught,
not where it's triggered.
> The problem occurs when REST api (made using django-rest-framework) is
> called by a Angular2 app.
>
> I have activated the following settings:
>
> SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
> SECURE_SSL_REDIRECT = True
> SESSION_COOKIE_SECURE = True
> CSRF_COOKIE_SECURE = True
> Does anybody have any idea about the possible cause of the problem?
This could be the root cause, but in what layer it's triggered is yours
to find out:
http://stackoverflow.com/a/19288033/1600649
I would disable all SSLv2 functionality one by one to identify the layer
and hope the software in question is smart enough to switch to
SSLv3_method() when SSLv2 is not wanted. If you can abolish all SSL
protocols all together and only support TLS 1.1 and 1.2 since the others
are insecure:
<https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#22-use-secure-protocols>
--
Melvyn Sopacua
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3078568.ozt7A4hQJ1%40devstation.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment