@pravali96
Collaborator

Issue #, if available: https://t.corp.amazon.com/P346071810

Summary of Changes

This PR removes the following line from triton_python_backend_utils.py:
    ssl._create_default_https_context = ssl._create_unverified_context

Reason for Change

This line globally disabled SSL certificate verification for the Python process.

  • Vulnerability: It exposed the container to Man-in-the-Middle (MITM) attacks by allowing connections to servers with invalid or self-signed certificates.
  • Technical Debt: It masked potential environment configuration issues (missing CA certs) rather than solving them.

Risk Assessment & Verification

I performed a two-step verification to ensure removing this line does not cause regressions for users downloading models or artifacts at runtime.

1. Functional Regression Test

  • Test: Deployed a ResNet50 model using ModelBuilder with the Triton backend.
  • Result: The model initialized and performed inference correctly without the SSL bypass.

2. Environment Network Security Test

  • Objective: Verify that the underlying Docker image (sagemaker-tritonserver:23.02-py3-cpu) has valid Root CA certificates installed and can perform a standard SSL handshake.
  • Method: Executed a direct network call inside the container using urllib without the insecure bypass.
  • Command:
    docker run --rm --entrypoint python3 <IMAGE_URI> -c "import urllib.request; print(urllib.request.urlopen('https://www.python.org').getcode())"
  • Output:
    TESTING SSL CONNECTIVITY IN CONTAINER...
    Attempting to connect to python.org...
    SUCCESS: Connected with HTTP 200
    SSL Certificates are present.
    

Conclusion

The base image correctly handles SSL verification. The insecure workaround is redundant and unsafe, and has been removed.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@pravali96 pravali96 deployed to auto-approve December 5, 2025 22:40 — with GitHub Actions Active
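
Added example, not part of the PR or of the project's code: it shows what the removed line does to the context that urllib and http.client build when no explicit context is passed, and a small AST check that flags the same assignment in source. The function names and the `SAMPLE` text are constructed for illustration.

```python
import ast
import ssl

BYPASS_ATTR = "_create_default_https_context"

def default_https_settings():
    """Return (verify_mode name, check_hostname) of the context urllib and
    http.client create when the caller supplies no context of its own."""
    ctx = ssl._create_default_https_context()
    return ctx.verify_mode.name, ctx.check_hostname

def settings_with_bypass():
    """Apply the removed line, read the resulting defaults, then restore."""
    original = ssl._create_default_https_context
    ssl._create_default_https_context = ssl._create_unverified_context
    try:
        return default_https_settings()
    finally:
        # Restore so the override does not leak into the rest of the process.
        ssl._create_default_https_context = original

def find_global_bypass(source):
    """Return line numbers where source reassigns <name>._create_default_https_context."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == BYPASS_ATTR:
                    hits.append(node.lineno)
    return sorted(hits)

# Constructed sample, not the contents of triton_python_backend_utils.py.
SAMPLE = '''import ssl
import urllib.request

ssl._create_default_https_context = ssl._create_unverified_context

def fetch(url):
    return urllib.request.urlopen(url).read()
'''

if __name__ == "__main__":
    print("default:", default_https_settings())
    print("with bypass:", settings_with_bypass())
    print("flagged lines:", find_global_bypass(SAMPLE))
```

Because the assignment replaces a module-level factory, every later HTTPS call in the same process that relies on the default context inherits the unverified settings, not only calls made from the file that contains the line.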