➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2018-09-28 16:14 by xnox, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 9624 | closed | xnox, 2018-09-28 16:18 | |
| Messages (3) | |||
|---|---|---|---|
| msg326642 - (view) | Author: Dimitri John Ledkov (xnox) * | Date: 2018-09-28 16:14 | |
self.assertEqual(default, ctx.options) in test_options fails with openssl 1.1.1 as it does not correctly account for OP_ENABLE_MIDDLEBOX_COMPAT. It is not defined by the python2.7 ssl module either. either ssl.OP_ENABLE_MIDDLEBOX_COMPAT needs to be backported, or the test case should just add that constant in when openssl version is >= 1.1.1 |
|||
| msg333976 - (view) | Author: STINNER Victor (vstinner) *  |
Date: 2019-01-18 15:19 | |
Python 2.7 doesn't support properly OpenSSL 1.1.1 yet, see: * PR 10607 * PR 10608 I would prefer to have _ssl.OP_ENABLE_MIDDLEBOX_COMPAT rather than have an hardcoded constant in test_ssl. In master, test_ssl has been fixed and the constant has been added by: commit 05d9fe32a1245b9a798e49e0c1eb91f110935b69 Author: Christian Heimes <christian@python.org> Date: Tue Feb 27 08:55:39 2018 +0100 bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663) * bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by default. Some test cases only apply to TLS 1.2. Other tests currently fail because the threaded or async test servers stop after failure. I'm going to address these issues when OpenSSL 1.1.1 reaches beta. OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS 1.3. The feature is enabled by default for maximum compatibility with broken middle boxes. Users should be able to disable the hack and CPython's test suite needs it to verify default options. Signed-off-by: Christian Heimes <christian@python.org> diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 7371024dce..5d5232eda3 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -831,6 +831,15 @@ Constants .. versionadded:: 3.3 +.. data:: OP_ENABLE_MIDDLEBOX_COMPAT + + Send dummy Change Cipher Spec (CCS) messages in TLS 1.3 handshake to make + a TLS 1.3 connection look more like a TLS 1.2 connection. + + This option is only available with OpenSSL 1.1.1 and later. + + .. versionadded:: 3.8 + .. data:: OP_NO_COMPRESSION Disable compression on the SSL channel. This is useful if the application (...) |
|||
| msg360263 - (view) | Author: Zachary Ware (zach.ware) * |
Date: 2020-01-19 18:14 | |
As this issue appears to only affect 2.7 which recently reached end-of-life status, I'm going to go ahead and close it. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:06 | admin | set | github: 79015 |
| 2020-01-19 18:14:28 | zach.ware | set | status: open -> closed assignee: christian.heimes components: + Tests, SSL nosy: + zach.ware messages: + msg360263 resolution: out of date stage: patch review -> resolved |
| 2019-01-18 15:19:32 | vstinner | set | nosy:
+ vstinner messages: + msg333976 |
| 2018-10-01 19:42:17 | cstratak | set | nosy:
+ cstratak |
| 2018-09-28 17:38:45 | xtreak | set | nosy:
+ christian.heimes |
| 2018-09-28 16:18:26 | xnox | set | keywords:
+ patch stage: patch review pull_requests: + pull_request9022 |
| 2018-09-28 16:14:56 | xnox | create | |