Issue 34542: [TLS] Update test certs to future proof settings

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/78723

classification

Title:	[TLS] Update test certs to future proof settings
Type:	behavior	Stage:	resolved
Components:	SSL	Versions:	Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	christian.heimes	Nosy List:	alex, christian.heimes, dstufft, janssen, larry, miss-islington
Priority:	normal	Keywords:	patch

Created on 2018-08-29 14:17 by christian.heimes, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 8997	merged	christian.heimes, 2018-08-29 16:50
PR 9007	merged	miss-islington, 2018-08-30 05:26
PR 9396	merged	christian.heimes, 2018-09-18 13:33
PR 9397	merged	christian.heimes, 2018-09-18 13:38
PR 21258	merged	christian.heimes, 2020-07-01 15:02

Messages (7)
msg324324 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2018-08-29 14:17
In bug #34399, I updated all RSA keys to 2048. However that not sufficient for future proof settings. Fedora's FUTURE crypto policy requires 3072bit RSA keys. Further more, I forgot to update the signature algorithm, too. * RSA >= 3072bits * finite field DH >= 3072bits * signature algorithm with SHA2-256 or SHA2-384 PKCSv1 #1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)
msg324368 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2018-08-30 05:25
New changeset e6dac0077996b1e1f886f036d6f2606237fa4c85 by Christian Heimes in branch 'master': bpo-34542: Update test certs and keys (GH-8997) https://github.com/python/cpython/commit/e6dac0077996b1e1f886f036d6f2606237fa4c85
msg324690 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2018-09-06 13:13
New changeset 2d3f2dc9f8376415a31a6de260ccbe6a86f2816d by Christian Heimes (Miss Islington (bot)) in branch '3.7': bpo-34542: Update test certs and keys (GH-8997) (GH-9007) https://github.com/python/cpython/commit/2d3f2dc9f8376415a31a6de260ccbe6a86f2816d
msg325850 - (view)	Author: miss-islington (miss-islington)	Date: 2018-09-20 10:33
New changeset 11485102cb7b3c57a1bc6d04c4ff4b1e25c53530 by Miss Islington (bot) (Christian Heimes) in branch '3.6': [3.6] bpo-34542: Update test certs and keys (GH-8997) (GH-9396) https://github.com/python/cpython/commit/11485102cb7b3c57a1bc6d04c4ff4b1e25c53530
msg325851 - (view)	Author: miss-islington (miss-islington)	Date: 2018-09-20 10:33
New changeset 49d65958e13db03b9a4240d8bdaff1a4be69a1d7 by Miss Islington (bot) (Christian Heimes) in branch '2.7': [2.7] bpo-34542: Update test certs and keys (GH-8997) (GH-9397) https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7
msg372811 - (view)	Author: Larry Hastings (larry) *	Date: 2020-07-02 07:07
New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in branch '3.5': bpo-41183: Update test certs and keys (#21258) https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e
msg372813 - (view)	Author: Larry Hastings (larry) *	Date: 2020-07-02 07:10
I also needed a backport of this to 3.5. See #41183. Also, it looks like this issue should have been closed long ago, so I'll go ahead and do that.

History
Date	User	Action	Args
2022-04-11 14:59:05	admin	set	github: 78723
2020-07-02 07:10:32	larry	set	status: open -> closed versions: + Python 3.5 messages: + msg372813 resolution: fixed stage: patch review -> resolved
2020-07-02 07:07:19	larry	set	nosy: + larry messages: + msg372811
2020-07-01 15:02:02	christian.heimes	set	pull_requests: + pull_request20406
2018-09-20 10:33:57	miss-islington	set	messages: + msg325851
2018-09-20 10:33:34	miss-islington	set	nosy: + miss-islington messages: + msg325850
2018-09-18 13:38:35	christian.heimes	set	pull_requests: + pull_request8820
2018-09-18 13:33:34	christian.heimes	set	pull_requests: + pull_request8819
2018-09-06 13:13:28	christian.heimes	set	messages: + msg324690
2018-08-30 05:26:15	miss-islington	set	pull_requests: + pull_request8477
2018-08-30 05:25:57	christian.heimes	set	messages: + msg324368
2018-08-29 16:50:54	christian.heimes	set	keywords: + patch stage: test needed -> patch review pull_requests: + pull_request8468
2018-08-29 14:17:16	christian.heimes	create