RHEL8 uses a strict crypto policy by default. For example, SSLContext uses TLS 1.2 as the minimum version by default.
The attached PR fixes test_ssl for RHEL8. The PR is not specific to RHEL8. It should also fix test_ssl on Debian: see bpo-35925 and bpo-36005.
test_ssl failures on RHEL8:
======================================================================
ERROR: test_PROTOCOL_TLS (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 3079, in test_PROTOCOL_TLS
    try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1')
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2623, in try_protocol_combo
    stats = server_params_test(client_context, server_context,
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2549, in server_params_test
    s.connect((HOST, server.port))
  File "/root/cpython-master/Lib/ssl.py", line 1150, in connect
    self._real_connect(addr, False)
  File "/root/cpython-master/Lib/ssl.py", line 1141, in _real_connect
    self.do_handshake()
  File "/root/cpython-master/Lib/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1055)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 3150, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2623, in try_protocol_combo
    stats = server_params_test(client_context, server_context,
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2549, in server_params_test
    s.connect((HOST, server.port))
  File "/root/cpython-master/Lib/ssl.py", line 1150, in connect
    self._real_connect(addr, False)
  File "/root/cpython-master/Lib/ssl.py", line 1141, in _real_connect
    self.do_handshake()
  File "/root/cpython-master/Lib/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1055)

======================================================================
FAIL: test_min_max_version (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 1093, in test_min_max_version
    self.assertIn(
AssertionError: <TLSVersion.TLSv1_2: 771> not found in {<TLSVersion.TLSv1: 769>, <TLSVersion.MINIMUM_SUPPORTED: -2>}

----------------------------------------------------------------------
Ran 150 tests in 3.318s

FAILED (failures=1, errors=2, skipped=9)
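
A check for the situation reported above, added here as an example (it is not code from the attached PR or from test_ssl): it reads the version floor and ceiling that the system crypto policy leaves on an SSLContext and reports whether a given protocol version can still be negotiated. The helper name protocol_allowed is hypothetical.

```python
import ssl


def protocol_allowed(ctx, version):
    """Return (allowed, reason) for negotiating `version` with `ctx`.

    Hypothetical helper: combines the build-time HAS_* flags with the
    runtime minimum_version / maximum_version of the context, which is
    where a system-wide crypto policy (as on RHEL8) shows up.
    """
    V = ssl.TLSVersion
    # A protocol compiled out of OpenSSL can never be negotiated.
    if not getattr(ssl, "HAS_" + version.name, False):
        return False, f"{version.name} is not available in this OpenSSL build"
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # MINIMUM_SUPPORTED (-2) and MAXIMUM_SUPPORTED (-1) are sentinels that
    # mean "no explicit bound", so they must not be compared numerically.
    if lo != V.MINIMUM_SUPPORTED and version < lo:
        return False, f"{version.name} is below the context minimum {lo.name}"
    if hi != V.MAXIMUM_SUPPORTED and version > hi:
        return False, f"{version.name} is above the context maximum {hi.name}"
    return True, "within the context's version range"


def policy_report(ctx):
    """Map each real protocol version to the (allowed, reason) pair."""
    V = ssl.TLSVersion
    versions = [V.TLSv1, V.TLSv1_1, V.TLSv1_2, V.TLSv1_3]
    return {v.name: protocol_allowed(ctx, v) for v in versions}


if __name__ == "__main__":
    # An untouched context reflects the system default. On the RHEL8 host
    # in this report, minimum_version is TLSv1_2 rather than
    # MINIMUM_SUPPORTED or TLSv1.
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("minimum_version:", default_ctx.minimum_version.name)
    print("maximum_version:", default_ctx.maximum_version.name)
    for name, (ok, reason) in policy_report(default_ctx).items():
        print(f"{name:8} {'allowed' if ok else 'blocked'}: {reason}")
```
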