This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: [2.7] test_ssl: test_protocol_sslv23() and test_protocol_tlsv1_1() fail on RHEL8
Type: Stage: resolved
Components: SSL, Tests Versions: Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, cstratak, miss-islington, vstinner
Priority: normal Keywords: patch

Created on 2019-10-01 12:55 by vstinner, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 16539 merged vstinner, 2019-10-02 14:59
PR 16541 merged miss-islington, 2019-10-02 15:57
PR 16542 merged miss-islington, 2019-10-02 15:57
PR 16543 merged vstinner, 2019-10-02 16:13
Messages (7)
msg353691 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-10-01 12:55 
SSLv23 and TLS v1.0 are disabled by RHEL8 crypto policy.

AMD64 RHEL8 2.7:
https://buildbot.python.org/all/#/builders/245/builds/5

test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ... 
 Could not scan /etc/ssl/openssl.cnf for MinProtocol: [Errno 2] No such file or directory: '/etc/ssl/openssl.cnf'

 PROTOCOL_TLS->PROTOCOL_TLS CERT_NONE
 PROTOCOL_TLSv1->PROTOCOL_TLS CERT_NONE
ERROR

======================================================================
ERROR: test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 189, in f
    return func(*args, **kwargs)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2402, in test_protocol_sslv23
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2134, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2062, in server_params_test
    s.connect((HOST, server.port))
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 864, in connect
    self._real_connect(addr, False)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 855, in _real_connect
    self.do_handshake()
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 828, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727)

and

test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options. ... 
 Could not scan /etc/ssl/openssl.cnf for MinProtocol: [Errno 2] No such file or directory: '/etc/ssl/openssl.cnf'

 PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_1 CERT_NONE
 {PROTOCOL_TLS->PROTOCOL_TLSv1_1} CERT_NONE
 PROTOCOL_TLSv1_1->PROTOCOL_TLS CERT_NONE
ERROR

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 189, in f
    return func(*args, **kwargs)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2477, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2134, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/test/test_ssl.py", line 2062, in server_params_test
    s.connect((HOST, server.port))
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 864, in connect
    self._real_connect(addr, False)
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 855, in _real_connect
    self.do_handshake()
  File "/home/buildbot/buildarea/2.7.cstratak-RHEL8-x86_64/build/Lib/ssl.py", line 828, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727)
msg353742 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-10-02 15:52 
New changeset b3e7045f8314e7b62cd95861d207fe2f97e47198 by Victor Stinner in branch 'master':
bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)
https://github.com/python/cpython/commit/b3e7045f8314e7b62cd95861d207fe2f97e47198
msg353744 - (view) Author: miss-islington (miss-islington) Date: 2019-10-02 16:15 
New changeset ab98cd8aee5a5a7222b82ff13d61f0d33e72a889 by Miss Islington (bot) in branch '3.7':
bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)
https://github.com/python/cpython/commit/ab98cd8aee5a5a7222b82ff13d61f0d33e72a889
msg353747 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-10-02 16:36 
New changeset 403ca7ea70232e520af18511fbfb89b58ef2a046 by Victor Stinner in branch '2.7':
[2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543)
https://github.com/python/cpython/commit/403ca7ea70232e520af18511fbfb89b58ef2a046
msg353751 - (view) Author: miss-islington (miss-islington) Date: 2019-10-02 16:52 
New changeset 183733dfb6b4779d1a5e47f41a2fb86c6be08dda by Miss Islington (bot) in branch '3.8':
bpo-38338, test.pythoninfo: add more ssl infos (GH-16539)
https://github.com/python/cpython/commit/183733dfb6b4779d1a5e47f41a2fb86c6be08dda
msg359637 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-01-09 00:00 
I marked bpo-39265 as a duplicate.
msg361578 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-02-07 10:55 
Python 2.7 is no longer maintained, I close this issue.
History
Date User Action Args
2022-04-11 14:59:21adminsetgithub: 82519
2020-02-07 10:55:20vstinnersetstatus: open -> closed
resolution: out of date
messages: + msg361578

stage: patch review -> resolved
2020-01-09 00:01:01vstinnersettitle: [2.7] test_ssl fails on RHEL8 -> [2.7] test_ssl: test_protocol_sslv23() and test_protocol_tlsv1_1() fail on RHEL8
2020-01-09 00:00:37vstinnersetmessages: + msg359637
2020-01-09 00:00:09vstinnerlinkissue39265 superseder
2019-10-02 16:52:53miss-islingtonsetmessages: + msg353751
2019-10-02 16:36:39vstinnersetmessages: + msg353747
2019-10-02 16:15:00miss-islingtonsetnosy: + miss-islington
messages: + msg353744
2019-10-02 16:13:30vstinnersetpull_requests: + pull_request16132
2019-10-02 15:57:24miss-islingtonsetpull_requests: + pull_request16131
2019-10-02 15:57:14miss-islingtonsetpull_requests: + pull_request16130
2019-10-02 15:52:50vstinnersetmessages: + msg353742
2019-10-02 14:59:02vstinnersetkeywords: + patch
stage: patch review
pull_requests: + pull_request16128
2019-10-01 12:57:07vstinnersettitle: [2.7] test_ssl fails -> [2.7] test_ssl fails on RHEL8
2019-10-01 12:56:28vstinnersetnosy: + cstratak
2019-10-01 12:55:54vstinnercreate