OpenSSL 1.1.0 is changing a lot of internals. Most structs are opaque, RC4 and SSLv2 are gone. I've a rough patch in my private repos. I'll submit the patch as soon as the code is compatible with OpenSSL 1.0.2, too.

https://github.com/python/cpython/compare/master...tiran:feature/openssl110

Since you are looking, maybe look at whether it is also libreSSL compatible?

Here is a first working patch. It requires 1.1.0-pre4. The failing ALPN test is caused by a regression in OpenSSL.

Testing this patch on HardenedBSD/LibreSSL (base SSL libs replaced with LibreSSL)

Checking version numbers to see if a feature is available is a bad practice. How can features ever be removed this way! Would be better to check for the feature itself (using autoconf).

The patch was mostly OK but any check for OPENSSL_VERSION_NUMBER for now also requires a negative check for LIBRESSL_VERSION_NUMBER as LibreSSL froze features at 1.0.1g.

Next to that, anything requiring compression (CRIME attack) should be guarded using and #infdef OPENSSL_NO_COMP.

This patch allowed me to build Python 3.5 with LibreSSL 2.3 (i.e. without SSLv3, Compression, RC4, SHA-0, etc)

The patch makes Python compatible with OpenSSL 1.1.0-pre6-dev from
git. The ssl and hashlib module are also compatible with OpenSSL 0.9.8zh,
1.0.1s, 1.0.2g as well as LibreSSL 2.3.3.

PS: The patch depends on https://github.com/openssl/openssl/pull/979

Can you please replace the HAVE_RAND_EGD bits with OPENSSL_NO_EGD as defined by both OpenSSL 1.1 and LibreSSL?

EGD default disabled https://github.com/openssl/openssl/blob/master/Configure#L363
EGD methods not available https://github.com/openssl/openssl/blob/master/include/openssl/rand.h#L61

Hi Christian,

I have reviewed your patch, seems to be fine for me.

Stéphane, I have addressed your code review.

def __new__() no longer hard-codes protocol. We can change that in a later version of Python. OpenSSL has deprecated all SSL methods except of the generic TLS method. The TLS method was formerly known as SSLv23 method and does auto-negotiation of the latest supported method.

Lib/test/test_ssl.py:1183: LibreSSL does not support SSL_CA_PATH and SSL_CA_DIR env vars. I have changed the comment on the test.

Modules/_hashopenssl.c:127: _hashopenssl.c now does error checks on EVP digest copy. The copy operation can fail when an EVP ENGINE is involved.

HAS_FAST_PKCS5_PBKDF2_HMAC is defined in _hashopenssl.c. OpenSSL used to have a bad implementation of PKBDF2. I fixed it in 2013. The workaround is no longer required for OpenSSL >= 1.1.0. You can find more details in https://jbp.io/2015/08/11/pbkdf2-performance-matters/

OpenSSL 1.1.0 final was released a couple of hours ago. One test is failing because it uses 3DES. 1.1.0 has 3DES disabled by default.

There are still quite a few references to `PROTOCOL_SSLv23` in Doc/library/ssl.rst. Should they be updated as well?

- The 2.7 patch contains numerous references to 3.6, these should be rewritten to 2.7.x
-

Thanks Alex, I ported the Python and C code to 2.7 but forgot to address doc updates. You can find an updated patch on github: https://github.com/python/cpython/compare/2.7...tiran:feature/openssl110_27 I'll submit a new patch after your review.

Chi Hsuan Yen, I'll update remaining documentation later.

This will require significant updates to PCbuild/prepare_ssl.py and/or the way we build OpenSSL on Windows before we can even properly test this on Windows.  I don't think that should hold up acceptance of the rest of the patch (provided 1.0.2 support remains intact), but will need to be handled eventually.

Building on Windows with 1.0.2h is broken with the current patch, but I don't understand things well enough to diagnose it:

ssleay.lib(ssl_lib.obj) : error LNK2005: _SSL_CTX_set_default_passwd_cb_userdata already defined in _ssl.obj [P:\ath\to\cpython\PCbuild\_ssl.vcxproj]                                                                                                                                                          
ssleay.lib(ssl_lib.obj) : error LNK2005: _SSL_CTX_set_default_passwd_cb already defined in _ssl.obj [P:\ath\to\cpython\PCbuild\_ssl.vcxproj]

Hi Zachary, you have found a bug in my patch. I mistakenly defined SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() for OpenSSL < 1.1.0. Both functions already exist. Only the getters are missing for < 1.1.0. Please remove both functions from _ssl.c and try again.

Looks like that took care of it, build succeeded with no new warnings, and test.ssltests passed.

Awesome! I have removed the surplus functions, made the other additional functions static and fixed minor test issue with LibreSSL and OpenSSL < 1.0.1. My branches on github compile and pass all tests with OpenSSL "0.9.8zc", "0.9.8zh", "1.0.1t", "1.0.2", "1.0.2h", "1.1.0" and LibreSSL "2.3.0", "2.4.2" on Linux X86_86. I'm using my script https://github.com/tiran/multissl for testing.

Christian, thanks a lot for doing this!  Do you plan to change the SSLContext constructor and make the protocol argument optional? It sounds like that would be a logical followup to the OpenSSL API changes.

Hi Christian,

Great stuff!

Please can you replace the HAVE_RAND_EGD ifdefs into OPENSSL_NO_EGD checks? Then the RAND_egd checks in configure.ac can also be removed.

This was introduced by OpenSSL in https://github.com/openssl/openssl/commit/0423f812dc61f70c6ae6643191259ca9e5692c7f and is consistent with the naming in LibreSSL.

Cheers,

Bernard.

Bernard, where do you see HAVE_RAND_EGD in my patch or in any recent version of _ssl.c? There is no reference to HAVE_RAND_EGD. The patches use OPENSSL_NO_EGD.

Yes, I plan to change this for Python 3.7 along with #27876.

Sorry for the noise Christian, I thought the former EGD handling was still in place. That was fixed with https://github.com/python/cpython/commit/968ec1d29b44ca7a600df5984adff00a78392368 on 07 Jul 2016

Antoine, I have reconsidered your idea. Let's make the default value PROTOCOL_TLS in 3.6 and deprecated the other protocol methods. We can remove them in 3.8 or 3.9. I'll push another patch later today.

New changeset 5c75b315152b by Christian Heimes in branch '3.5':
Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
https://hg.python.org/cpython/rev/5c75b315152b

New changeset bc5ba11973f5 by Christian Heimes in branch 'default':
Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
https://hg.python.org/cpython/rev/bc5ba11973f5

New changeset 14b611ddaabe by Christian Heimes in branch '2.7':
Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
https://hg.python.org/cpython/rev/14b611ddaabe

New changeset 5566732c8ac5 by Christian Heimes in branch '3.5':
Issue #26470: Use short name rather than name for compression name to fix #27958.
https://hg.python.org/cpython/rev/5566732c8ac5

New changeset 2593ed9a6a62 by Christian Heimes in branch '2.7':
Issue #26470: Use short name rather than name for compression name to fix #27958.
https://hg.python.org/cpython/rev/2593ed9a6a62

New changeset d92f26a53b70 by Christian Heimes in branch 'default':
Issue #26470: Use short name rather than name for compression name to fix #27958.
https://hg.python.org/cpython/rev/d92f26a53b70