Two tests are failing in the 3.7 branch:
======================================================================
ERROR: test_PROTOCOL_TLS (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2660, in test_PROTOCOL_TLS
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1')
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2343, in try_protocol_combo
chatty=False, connectionchatty=False)
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2268, in server_params_test
s.connect((HOST, server.port))
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1108, in connect
self._real_connect(addr, False)
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1099, in _real_connect
self.do_handshake()
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1076, in do_handshake
self._sslobj.do_handshake()
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 697, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:864)
======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2734, in test_protocol_tlsv1_1
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2343, in try_protocol_combo
chatty=False, connectionchatty=False)
File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2268, in server_params_test
s.connect((HOST, server.port))
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1108, in connect
self._real_connect(addr, False)
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1099, in _real_connect
self.do_handshake()
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1076, in do_handshake
self._sslobj.do_handshake()
File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 697, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:864)
----------------------------------------------------------------------
Matthias,
is there any way to detect Debian's modifications of OpenSSL from header files or with an API call? Otherwise we have no way to reliably detect and correctly skip the test. At the moment there is no way to retrieve the minimum protocol from OpenSSL SSL_CTX. I landed an OpenSSL patch just a couple of days ago to add SSL_CTX_get_min_proto_version(), https://github.com/openssl/openssl/pull/4364
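An added example, not part of the original message and not CPython's own test code: on Python 3.7 or later built against OpenSSL 1.1.0g or later, `SSLContext.minimum_version` and `maximum_version` expose the effective protocol bounds, so a test helper can decide up front whether a protocol combination such as the two failing above is worth attempting. The helper names `version_allowed`, `effective_bounds` and `tls_version_usable` are hypothetical.

```python
import ssl

T = ssl.TLSVersion


def version_allowed(version, minimum, maximum):
    """Pure range check against a context's protocol bounds.

    MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels meaning "no explicit
    bound", so they must not be compared numerically.
    """
    if minimum != T.MINIMUM_SUPPORTED and version < minimum:
        return False
    if maximum != T.MAXIMUM_SUPPORTED and version > maximum:
        return False
    return True


def effective_bounds(ctx=None):
    """Return (minimum, maximum) as OpenSSL reports them for a context.

    A fresh context reflects defaults applied by the distribution's OpenSSL
    configuration and by Python itself.
    """
    if ctx is None:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return ctx.minimum_version, ctx.maximum_version


def tls_version_usable(name, ctx=None):
    """True if protocol `name` (e.g. "TLSv1_1") is compiled in and within bounds.

    This checks protocol bounds only; a handshake can still be refused for
    other reasons, such as cipher policy.
    """
    if not getattr(ssl, "HAS_" + name, False):
        return False
    minimum, maximum = effective_bounds(ctx)
    return version_allowed(T[name], minimum, maximum)


if __name__ == "__main__":
    lo, hi = effective_bounds()
    print("default bounds:", lo.name, "..", hi.name)
    for name in ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"):
        verdict = "run" if tls_version_usable(name) else "skip"
        print(f"{name:8} -> {verdict}")
```

A test can call `tls_version_usable("TLSv1_1")` in a skip condition instead of waiting for a `TLSV1_ALERT_PROTOCOL_VERSION` error during the handshake.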