classification
Title: [TLS] Update test certs to future proof settings
Type: behavior Stage: patch review
Components: SSL Versions: Python 3.8, Python 3.7, Python 3.6, Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, christian.heimes, dstufft, janssen, miss-islington
Priority: normal Keywords: patch

Created on 2018-08-29 14:17 by christian.heimes, last changed 2018-09-20 10:33 by miss-islington.

Pull Requests
URL Status Linked Edit
PR 8997 merged christian.heimes, 2018-08-29 16:50
PR 9007 merged miss-islington, 2018-08-30 05:26
PR 9396 merged christian.heimes, 2018-09-18 13:33
PR 9397 merged christian.heimes, 2018-09-18 13:38
Messages (5)
msg324324 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-29 14:17
In bug #34399, I updated all RSA keys to 2048. However, that is not sufficient for future-proof settings. Fedora's FUTURE crypto policy requires 3072-bit RSA keys. Furthermore, I forgot to update the signature algorithm, too.

* RSA >= 3072 bits
* finite field DH >= 3072 bits
* signature algorithm with SHA2-256 or SHA2-384 PKCS #1 v1.5 (I don't think RSASSA-PSS works with OpenSSL 1.0.2 or TLS < 1.0)
msg324368 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-30 05:25
New changeset e6dac0077996b1e1f886f036d6f2606237fa4c85 by Christian Heimes in branch 'master':
bpo-34542: Update test certs and keys (GH-8997)
https://github.com/python/cpython/commit/e6dac0077996b1e1f886f036d6f2606237fa4c85
msg324690 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-09-06 13:13
New changeset 2d3f2dc9f8376415a31a6de260ccbe6a86f2816d by Christian Heimes (Miss Islington (bot)) in branch '3.7':
bpo-34542: Update test certs and keys (GH-8997) (GH-9007)
https://github.com/python/cpython/commit/2d3f2dc9f8376415a31a6de260ccbe6a86f2816d
msg325850 - Author: miss-islington (miss-islington) Date: 2018-09-20 10:33
New changeset 11485102cb7b3c57a1bc6d04c4ff4b1e25c53530 by Miss Islington (bot) (Christian Heimes) in branch '3.6':
[3.6] bpo-34542: Update test certs and keys (GH-8997) (GH-9396)
https://github.com/python/cpython/commit/11485102cb7b3c57a1bc6d04c4ff4b1e25c53530
msg325851 - Author: miss-islington (miss-islington) Date: 2018-09-20 10:33
New changeset 49d65958e13db03b9a4240d8bdaff1a4be69a1d7 by Miss Islington (bot) (Christian Heimes) in branch '2.7':
[2.7] bpo-34542: Update test certs and keys (GH-8997) (GH-9397)
https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7
History
Date User Action Args
2018-09-20 10:33:57 miss-islington set messages: + msg325851
2018-09-20 10:33:34 miss-islington set nosy: + miss-islington; messages: + msg325850
2018-09-18 13:38:35 christian.heimes set pull_requests: + pull_request8820
2018-09-18 13:33:34 christian.heimes set pull_requests: + pull_request8819
2018-09-06 13:13:28 christian.heimes set messages: + msg324690
2018-08-30 05:26:15 miss-islington set pull_requests: + pull_request8477
2018-08-30 05:25:57 christian.heimes set messages: + msg324368
2018-08-29 16:50:54 christian.heimes set keywords: + patch; stage: test needed -> patch review; pull_requests: + pull_request8468
2018-08-29 14:17:16 christian.heimes create