Message353189
test_ssl has some checks for TLS/SSL versions that are not available or disabled during compile-time of Python and OpenSSL. It's missing run-time checks and checks for TLS 1.0 and 1.1. Several test scenarios assume that TLS 1.0 and 1.1 are always available and properly working. These tests fail when e.g. TLS 1.0 is disabled.
Further more compile-time checks for ssl.HAS_TLSv1 or ssl.PROTOCOL_TLSv1 are not sufficient. OpenSSL 1.1.0+ got more flexible. TLS/SSL versions can be disabled at runtime with a crypto policy. Recent Debian, Fedora, and RHEL 8 systems have TLS 1.0 and 1.1 disabled by default. |
|
Date |
User |
Action |
Args |
2019-09-25 12:38:51 | christian.heimes | set | recipients:
+ christian.heimes |
2019-09-25 12:38:51 | christian.heimes | set | messageid: <1569415131.43.0.910355334237.issue38275@roundup.psfhosted.org> |
2019-09-25 12:38:51 | christian.heimes | link | issue38275 messages |
2019-09-25 12:38:51 | christian.heimes | create | |
|