The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

OCI REST API security & Python headsup


Hey all,


Team OCI goes to great lengths to ensure that our REST API is additive over time, such that your integrations will continue to work in the future as you upgrade to newer OCI releases.


However, Python has been a bit finicky with regards to negotiation SSL/TLS sessions, so there is some stuff you want to know to get ahead of some pitfalls.


#1. The OCI demo REST API python code contains a file If you look at lines 69 through 79, you will see that we are forcing Python to use TLS - this was because certain Python versions would have problems where they would attempt to negotiate SSLv3, fail, and not attempt TLS, and therefore not establish a HTTPS session, which is a bit of an inhibitor for working with REST.


The problem is that line 79 is forcing a TLS 1.0 connection. This is somewhat lame on our part - all versions of OCI 7.0.x, and OCI 7.1.0 speak TLS 1.[0-2]


The problem - OCI 7.1.1 will likely be TLS 1.2 only.


Change ssl_version=ssl.PROTOCOL_TLSv1 to ssl_version=ssl.PROTOCOL_TLSv1_2 to get ahead of this. Then test your integrations - we'd be pretty surprised if you noticed anything


#2. Recent Python 2.7 versions seem to have disabled RC4 based ciphers. This means these impacted versions will generate a handshake failed message when talking to OCI 7.0.2 and 7.1.0.


OCI 7.0.3 does not have this problem,  because we changed the default cipher.


It is possible to change OCI 7.0.2 / 7.1.0 to use




On your OCI operational server, navigate to



Make a backup of server.xml to a different location


Edit the server.xml, look for the line


ciphers = "SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA"


change to




Save the file, restart the "SANscreen Server" service.



NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner