classification
Title: ssl deprecation warnings erganomics
Type: behavior Stage: needs patch
Components: SSL Versions: Python 3.11, Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: alex, dstufft, graingert, janssen
Priority: normal Keywords:

Created on 2021-06-08 20:36 by graingert, last changed 2021-06-10 13:18 by christian.heimes.

Pull Requests
URL Status Linked Edit
PR 26599 graingert, 2021-06-08 20:36
Messages (5)
msg395362 - (view) Author: Thomas Grainger (graingert) * Date: 2021-06-08 20:36
The ssl module OP_NO_* deprecation warning message is slightly wrong: The error message prints out "is deprecated is deprecated" because of an earlier format template

There's a colon in the warning message `ssl module:` and that makes it difficult to use in simplefilter

The NPN deprecation warnning raises a UserWarning instead of DeprecationWarning

see also UserWarning: ssl module: NPN is deprecated, use ALPN instead
msg395366 - (view) Author: Thomas Grainger (graingert) * Date: 2021-06-08 22:31
the "ssl module:" part of the warning message, I think, is redundant as it should be defined in the https://docs.python.org/3/library/warnings.html#warnings.warn_explicit module kwarg
msg395524 - (view) Author: Thomas Grainger (graingert) * Date: 2021-06-10 12:01
it looks like OP_NO_SSLv2 and OP_NO_SSLv3 are not raising a DeprecationWarning


```
python310 -W error
Python 3.10.0b2 (default, Jun  2 2021, 00:22:18) [GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.SSLContext(ssl.PROTOCOL_TLS)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/ssl.py", line 501, in __new__
    self = _SSLContext.__new__(cls, protocol)
DeprecationWarning: ssl module: PROTOCOL_TLS is deprecated
>>> ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
<ssl.SSLContext object at 0x7f2e567616c0>
>>> c = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
>>> c.options |= ssl.OP_NO_SSLv2  # no deprecation warning!?
>>> c.options |= ssl.OP_NO_SSLv3  # no deprecation warning!?
>>> c.options |= ssl.OP_NO_TLSv1
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/ssl.py", line 621, in options
    super(SSLContext, SSLContext).options.__set__(self, value)
DeprecationWarning: ssl module: Setting OP_NO_SSL* or SSL_NO_TLS* options is deprecated is deprecated
```
msg395526 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-06-10 12:10
ctx.options |= ssl.OP_NO_SSLv2 and ctx.options |= ssl.OP_NO_SSLv3 are no-ops and don't modify the value of ctx.options. OP_NO_SSLv2 == 0 and OP_NO_SSLv3 is set by default:

>>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
>>> ctx.options
ssl.OP_NO_COMPRESSION|ssl.OP_ENABLE_MIDDLEBOX_COMPAT|ssl.OP_CIPHER_SERVER_PREFERENCE|ssl.OP_NO_SSLv3|0x80000054
>>> int(ssl.OP_NO_SSLv2)
0
msg395528 - (view) Author: Thomas Grainger (graingert) * Date: 2021-06-10 12:17
there should still be a deprecation warning so that 3.12 can raise AttributeError
History
Date User Action Args
2021-06-10 13:18:20christian.heimessetnosy: - christian.heimes
2021-06-10 12:17:02graingertsetmessages: + msg395528
2021-06-10 12:10:46christian.heimessetmessages: + msg395526
2021-06-10 12:01:55graingertsetmessages: + msg395524
2021-06-09 09:10:39christian.heimessetassignee: christian.heimes ->
2021-06-09 09:10:33christian.heimessetassignee: christian.heimes
type: behavior
components: + SSL
stage: needs patch
2021-06-08 22:31:50graingertsetmessages: + msg395366
2021-06-08 20:36:09graingertcreate