Author christian.heimes
Recipients christian.heimes
Date 2019-09-25.12:38:51
Message-id <1569415131.43.0.910355334237.issue38275@roundup.psfhosted.org>
In-reply-to
Content
test_ssl has some checks for TLS/SSL versions that are not available or disabled during compile-time of Python and OpenSSL. It's missing run-time checks and checks for TLS 1.0 and 1.1. Several test scenarios assume that TLS 1.0 and 1.1 are always available and properly working. These tests fail when e.g. TLS 1.0 is disabled.

Furthermore, compile-time checks for ssl.HAS_TLSv1 or ssl.PROTOCOL_TLSv1 are not sufficient. OpenSSL 1.1.0+ got more flexible. TLS/SSL versions can be disabled at runtime with a crypto policy. Recent Debian, Fedora, and RHEL 8 systems have TLS 1.0 and 1.1 disabled by default.
History
Date                 User              Action  Args
2019-09-25 12:38:51  christian.heimes  set     recipients: + christian.heimes
2019-09-25 12:38:51  christian.heimes  set     messageid: <1569415131.43.0.910355334237.issue38275@roundup.psfhosted.org>
2019-09-25 12:38:51  christian.heimes  link    issue38275 messages
2019-09-25 12:38:51  christian.heimes  create
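
The message above distinguishes compile-time flags such as ssl.HAS_TLSv1 from run-time limits. The following is an added example, not code from the message or from test_ssl, of a check that combines both; the names tls_version_status and requires_tls_version are hypothetical, and it assumes the run-time limits show up as the minimum_version and maximum_version of a newly created SSLContext.

```python
import functools
import ssl
import unittest


def tls_version_status(version, ctx=None):
    """Return (usable, reason) for an ssl.TLSVersion member or its name."""
    if isinstance(version, str):
        version = ssl.TLSVersion[version]
    # Compile-time: was the protocol built into this Python/OpenSSL pair?
    if not getattr(ssl, f"HAS_{version.name}", False):
        return False, f"{version.name} not compiled in"
    # Run-time: inspect the limits a context carries (assumption: a fresh
    # context reflects whatever limits apply to this process).
    if ctx is None:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo != ssl.TLSVersion.MINIMUM_SUPPORTED and version < lo:
        return False, f"{version.name} below run-time minimum {lo.name}"
    if hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and version > hi:
        return False, f"{version.name} above run-time maximum {hi.name}"
    return True, f"{version.name} usable"


def requires_tls_version(version):
    """Skip a test when the TLS version is unavailable at run time."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            usable, reason = tls_version_status(version)
            if not usable:
                raise unittest.SkipTest(reason)
            return func(*args, **kwargs)
        return wrapper
    return decorator


if __name__ == "__main__":
    # Report what this interpreter can actually negotiate.
    for name in ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"):
        print(name, *tls_version_status(name))
```

A test that needs TLS 1.0 can then be decorated with requires_tls_version("TLSv1") so it is skipped, rather than failing, on a system where that version is disabled.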