This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ncoghlan
Recipients alex, christian.heimes, dstufft, giampaolo.rodola, janssen, kushal.das, ncoghlan, pitrou
Date 2015-05-23.10:02:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1432375336.18.0.292902088419.issue23965@psf.upfronthosting.co.za>
In-reply-to
Content 
Digging into the test_options failure suggests Christian is right (although I think it has more to do with https://fedoraproject.org/wiki/Changes/CryptoPolicy than it does with FIPS):

>>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
>>> bin(ctx.options)
'0b10000011000000000000001111111111'
>>> bin(ssl.OP_ALL | ssl.OP_NO_SSLv2)
'0b10000001000000000000001111111111'
>>> bin(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
'0b10000011000000000000001111111111'

The tests' assumptions about the default SSL configuration are out of date, so the tests have started failing on F22. We should like check the default options to see if they turn off SSLv3 when test_ssl is imported, and use that as a check to skip affected tests (as well as to adjust what test_options checks for as the default state)
History
Date User Action Args
2015-05-23 10:02:16ncoghlansetrecipients: + ncoghlan, janssen, pitrou, giampaolo.rodola, christian.heimes, alex, kushal.das, dstufft
2015-05-23 10:02:16ncoghlansetmessageid: <1432375336.18.0.292902088419.issue23965@psf.upfronthosting.co.za>
2015-05-23 10:02:16ncoghlanlinkissue23965 messages
2015-05-23 10:02:15ncoghlancreate