This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author larry
Recipients christian.heimes, larry
Date 2020-07-01.14:35:45
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1593614146.46.0.384684767233.issue41183@roundup.psfhosted.org>
In-reply-to
Content
I'm testing 3.5.10rc1 on a freshly installed Linux (Pop!_OS 20.04), and I'm getting a lot of these test failures:

ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)

Apparently the 2048 keys used in the tests are considered "too small" with brand-new builds of the SSL library.

Christian: you upgraded the test suite keys to 3072 bits back in 2018 (issue #34542), but didn't backport this as far as 3.5 because it was in security-fixes-only mode.  I experimented with taking your patch to 3.6 and applying it to 3.5, but 80% of the patches didn't apply cleanly.  Could you either backport this upgrade to 3.5 (I'll happily accept the PR), or advise me on how to otherwise mitigate the problem?  I don't really want to turn off all those tests.  Thanks!
History
Date User Action Args
2020-07-01 14:35:46larrysetrecipients: + larry, christian.heimes
2020-07-01 14:35:46larrysetmessageid: <1593614146.46.0.384684767233.issue41183@roundup.psfhosted.org>
2020-07-01 14:35:46larrylinkissue41183 messages
2020-07-01 14:35:45larrycreate