Message 372822 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, larry
Date	2020-07-02.08:02:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1593676945.52.0.550908864502.issue41183@roundup.psfhosted.org>
In-reply-to

Content
test_ssl_36_branch just contains "1 test failed: test_ssl". Could you please attach a verbose run? The problems are caused by security policy. We had similar issues in Fedora. - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions below 1.2 and update documentation. Previous default of 1, can be set by calling SSL_CTX_set_security_level(), SSL_set_security_level() or using ':@SECLEVEL=1' CipherString value in openssl.cfg. I can fix "SSL: DH_KEY_TOO_SMALL" in another PR. The other issues are harder to fix.

test_ssl_36_branch just contains "1 test failed: test_ssl". Could you please attach a verbose run?

The problems are caused by security policy. We had similar issues in Fedora.

    - Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
      level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
      below 1.2 and update documentation. Previous default of 1, can be set
      by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
      using ':@SECLEVEL=1' CipherString value in openssl.cfg.

I can fix "SSL: DH_KEY_TOO_SMALL" in another PR. The other issues are harder to fix.

History
Date	User	Action	Args
2020-07-02 08:02:25	christian.heimes	set	recipients: + christian.heimes, larry
2020-07-02 08:02:25	christian.heimes	set	messageid: <1593676945.52.0.550908864502.issue41183@roundup.psfhosted.org>
2020-07-02 08:02:25	christian.heimes	link	issue41183 messages
2020-07-02 08:02:25	christian.heimes	create