classification
Title: test_ssl fails if SSLv2 is enabled
Type: behavior Stage:
Components: SSL Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: benjamin.peterson, christian.heimes
Priority: normal Keywords:

Created on 2018-09-13 23:11 by benjamin.peterson, last changed 2018-09-14 00:00 by christian.heimes.

Messages (2)
msg325304 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-09-13 23:11
I modified multissltests.py to enable-ssl2:

--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -275,7 +275,8 @@ class AbstractBuilder(object):
         cmd = [
             "./config",
             "shared", "--debug",
-            "--prefix={}".format(self.install_dir)
+            "--prefix={}".format(self.install_dir),
+            "enable-ssl2",
         ]
         env = os.environ.copy()

This results in some test_ssl failures, which all seem to have the same root cause:

$ Tools/ssl/multissltests.py  --openssl 1.0.2o
....
======================================================================
ERROR: test_constructor (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 965, in test_constructor
    ssl.SSLContext(protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 973, in test_protocol
    ctx = ssl.SSLContext(proto)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_session_stats (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 1320, in test_session_stats
    ctx = ssl.SSLContext(proto)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_echo (test.test_ssl.ThreadedTests) (protocol='PROTOCOL_SSLv2')
Basic test of an SSL client connecting to a server
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2569, in test_echo
    context = ssl.SSLContext(protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2960, in test_protocol_sslv2
    try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3026, in test_protocol_sslv3
    try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3043, in test_protocol_tlsv1
    try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3058, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1_2 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.2 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3079, in test_protocol_tlsv1_2
    try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

----------------------------------------------------------------------
msg325311 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-09-14 00:00
Benjamin and I discussed the issue face to face. Rather than fixing the tests, I'm going to remove support and tests for SSL 2.0.
History
Date User Action Args
2018-09-14 00:00:55christian.heimessetmessages: + msg325311
2018-09-13 23:11:27benjamin.petersoncreate