classification
Title: [TLS] Update test certs to future proof settings
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, christian.heimes, dstufft, janssen, larry, miss-islington
Priority: normal Keywords: patch

Created on 2018-08-29 14:17 by christian.heimes, last changed 2020-07-02 07:10 by larry. This issue is now closed.

Pull Requests
URL Status Linked
PR 8997 merged christian.heimes, 2018-08-29 16:50
PR 9007 merged miss-islington, 2018-08-30 05:26
PR 9396 merged christian.heimes, 2018-09-18 13:33
PR 9397 merged christian.heimes, 2018-09-18 13:38
PR 21258 merged christian.heimes, 2020-07-01 15:02
Messages (7)
msg324324 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-29 14:17
In bug #34399, I updated all RSA keys to 2048. However, that is not sufficient for future-proof settings. Fedora's FUTURE crypto policy requires 3072-bit RSA keys. Furthermore, I forgot to update the signature algorithm, too.

* RSA >= 3072 bits
* finite field DH >= 3072 bits
* signature algorithm with SHA2-256 or SHA2-384 PKCS #1 v1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)
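
An added example, not part of the original issue or of CPython's test suite: one way to audit `openssl x509 -text` or `openssl dhparam -text` output against the three requirements listed above. The function name, message strings and sample dumps are constructed for illustration, and the check assumes RSA certificates and OpenSSL's usual text labels.

```python
import re

MIN_BITS = 3072  # RSA and finite-field DH floor from the list above
# OpenSSL's text names for SHA-256 / SHA-384 with RSA PKCS #1 v1.5 signatures
ALLOWED_SIGNATURES = {"sha256WithRSAEncryption", "sha384WithRSAEncryption"}


def audit(openssl_text):
    """Return policy violations found in `openssl x509|dhparam -text` output."""
    problems = []
    key_alg = re.search(r"Public Key Algorithm: (\S+)", openssl_text)
    key_bits = re.search(r"Public-Key: \((\d+) bit\)", openssl_text)
    # Only RSA keys are measured against the RSA floor; other key types are
    # outside the list and are not judged here.
    if key_alg and key_bits and key_alg.group(1) == "rsaEncryption":
        if int(key_bits.group(1)) < MIN_BITS:
            problems.append(f"RSA key is {key_bits.group(1)} bits")
    dh_bits = re.search(r"DH Parameters: \((\d+) bit\)", openssl_text)
    if dh_bits and int(dh_bits.group(1)) < MIN_BITS:
        problems.append(f"DH parameters are {dh_bits.group(1)} bits")
    # x509 -text prints the signature algorithm twice; report each name once.
    for name in sorted(set(re.findall(r"Signature Algorithm: (\S+)", openssl_text))):
        if name not in ALLOWED_SIGNATURES:
            problems.append(f"signature algorithm is {name}")
    return problems


# Constructed samples, trimmed to the lines the audit reads.
OLD_CERT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
    Signature Algorithm: sha1WithRSAEncryption
"""
NEW_CERT = OLD_CERT.replace("sha1With", "sha256With").replace("2048", "3072")
OLD_DH = "    DH Parameters: (2048 bit)\n"

if __name__ == "__main__":
    for label, text in (("old cert", OLD_CERT), ("new cert", NEW_CERT), ("old dhparam", OLD_DH)):
        print(label, audit(text) or "ok")
```
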
msg324368 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-30 05:25
New changeset e6dac0077996b1e1f886f036d6f2606237fa4c85 by Christian Heimes in branch 'master':
bpo-34542: Update test certs and keys (GH-8997)
https://github.com/python/cpython/commit/e6dac0077996b1e1f886f036d6f2606237fa4c85
msg324690 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-09-06 13:13
New changeset 2d3f2dc9f8376415a31a6de260ccbe6a86f2816d by Christian Heimes (Miss Islington (bot)) in branch '3.7':
bpo-34542: Update test certs and keys (GH-8997) (GH-9007)
https://github.com/python/cpython/commit/2d3f2dc9f8376415a31a6de260ccbe6a86f2816d
msg325850 - Author: miss-islington (miss-islington) Date: 2018-09-20 10:33
New changeset 11485102cb7b3c57a1bc6d04c4ff4b1e25c53530 by Miss Islington (bot) (Christian Heimes) in branch '3.6':
[3.6] bpo-34542: Update test certs and keys (GH-8997) (GH-9396)
https://github.com/python/cpython/commit/11485102cb7b3c57a1bc6d04c4ff4b1e25c53530
msg325851 - Author: miss-islington (miss-islington) Date: 2018-09-20 10:33
New changeset 49d65958e13db03b9a4240d8bdaff1a4be69a1d7 by Miss Islington (bot) (Christian Heimes) in branch '2.7':
[2.7] bpo-34542: Update test certs and keys (GH-8997) (GH-9397)
https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7
msg372811 - Author: Larry Hastings (larry) * (Python committer) Date: 2020-07-02 07:07
New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in branch '3.5':
bpo-41183: Update test certs and keys (#21258)
https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e
msg372813 - Author: Larry Hastings (larry) * (Python committer) Date: 2020-07-02 07:10
I also needed a backport of this to 3.5.  See #41183.

Also, it looks like this issue should have been closed long ago, so I'll go ahead and do that.
History
Date User Action Args
2020-07-02 07:10:32 larry set status: open -> closed
versions: + Python 3.5
messages: + msg372813
resolution: fixed
stage: patch review -> resolved
2020-07-02 07:07:19 larry set nosy: + larry
messages: + msg372811
2020-07-01 15:02:02 christian.heimes set pull_requests: + pull_request20406
2018-09-20 10:33:57 miss-islington set messages: + msg325851
2018-09-20 10:33:34 miss-islington set nosy: + miss-islington
messages: + msg325850
2018-09-18 13:38:35 christian.heimes set pull_requests: + pull_request8820
2018-09-18 13:33:34 christian.heimes set pull_requests: + pull_request8819
2018-09-06 13:13:28 christian.heimes set messages: + msg324690
2018-08-30 05:26:15 miss-islington set pull_requests: + pull_request8477
2018-08-30 05:25:57 christian.heimes set messages: + msg324368
2018-08-29 16:50:54 christian.heimes set keywords: + patch
stage: test needed -> patch review
pull_requests: + pull_request8468
2018-08-29 14:17:16 christian.heimes create