This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients benjamin.peterson, christian.heimes, cstratak, gregory.p.smith, ned.deily, pablogsal, vstinner
Date 2019-02-19.16:28:24
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1550593704.29.0.924079313688.issue35925@roundup.psfhosted.org>
In-reply-to
Content
I wrote a fix for bpo-36037 "test_ssl fails on RHEL8 strict OpenSSL configuration" which should fix test_ssl on Debian as well, but my change doesn't apply to Python 2.7 nor 3.6 since these Python versions lack SSLContext.minimum_version attribute (introduced in Python 3.7).

https://docs.python.org/dev/library/ssl.html#ssl.SSLContext.minimum_version

For Python 2.7 and 3.6, "export OPENSSL_CONF=/non-existing-file" is a workaround.

Benjamin:
> I agree that we need to be more resistant to system configuration, but it doesn't seem worth holding 2.7 up for.

My fix requires SSLContext.minimum_version, but I'm not sure that it's ok to backport the attribute to Python 2.7 since Python 3.6 doesn't have it. IMHO "export OPENSSL_CONF=/non-existing-file" workaround is acceptable.
History
Date User Action Args
2019-02-19 16:28:24vstinnersetrecipients: + vstinner, gregory.p.smith, christian.heimes, benjamin.peterson, ned.deily, cstratak, pablogsal
2019-02-19 16:28:24vstinnersetmessageid: <1550593704.29.0.924079313688.issue35925@roundup.psfhosted.org>
2019-02-19 16:28:24vstinnerlinkissue35925 messages
2019-02-19 16:28:24vstinnercreate