Since its pip for OS python as you recommended -- our KTS servers are Rhel 6 and centos 6 and we are unable to find the RPM for it which is above 13.1. There is a directory on our KTS servers which already seems to have pyopenssl version 0.14, I am not sure if this enough. /opt/cloudera/parcels/KEYTRUSTEE_SERVER-5.11.0-1.keytrustee5.11.0.p0.18/lib/python2.6/site-packages/pyOpenSSL-0.14-py2.6.egg-inf Other location where the Pyopenssl is located and have 0.13 version /usr/lib64/python2.6/site-packages/pyOpenSSL-0.13.1-py2.6.egg-info We tried to make changes to Java.security file to enforce TLS 1.2(but did not do any upgrades to Pyopenssl version) and made config changes in KTS service to use 1.2 and restarted both KTS and KMS services after that and they were able to start without throwing any errors. so I am kinda puzzled if KTS is already using the pyopenssl upgraded version from one of our locations or ? I read the the documentation from Cloudera where it says if we do not upgrade pyopenssl version and enforce TLS 1.2 by making changes to java.security, the services will not start and will throw errors but I was able start the services.   Please let us know if we missed anything or following the right procedure so far ? Thanks.         ... View more

HI Ben - We have pip installed in 3 places:  /usr/bin, /opt/anaconda/2 and /opt/anaconda/3.....which pip to use for the upgrade?  Want to make sure when it's upgraded Cloudera will pick it up.? please Guide. Thanks. ... View more

Thanks Ben for the response.     pyOpenSSL.x86_64                      0.13.1-2.el6   this is the version of PyOpenSSL we have on our KTS servers and these KTS servers are Rhel/Centos 6. ... View more