Message 404799 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	alexia
Recipients	alexia, christian.heimes
Date	2021-10-22.17:24:17
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1634923457.3.0.959517604035.issue45487@roundup.psfhosted.org>
In-reply-to

Content
Never mind, I found the root cause after some debugging. Adding AES256-GCM-SHA384 to the cipher string resolved the issue. And now I see that the release notes say this: > The ssl module now has more secure default settings. Ciphers without forward secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits weak RSA, DH, and ECC keys with less than 112 bits of security. SSLContext defaults to minimum protocol version TLS 1.2. Settings are based on Hynek Schlawack’s research. (Contributed by Christian Heimes in bpo-43998.)

Never mind, I found the root cause after some debugging. Adding AES256-GCM-SHA384 to the cipher string resolved the issue.

And now I see that the release notes say this:

> The ssl module now has more secure default settings. Ciphers without forward secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits weak RSA, DH, and ECC keys with less than 112 bits of security. SSLContext defaults to minimum protocol version TLS 1.2. Settings are based on Hynek Schlawack’s research. (Contributed by Christian Heimes in bpo-43998.)

History
Date	User	Action	Args
2021-10-22 17:24:17	alexia	set	recipients: + alexia, christian.heimes
2021-10-22 17:24:17	alexia	set	messageid: <1634923457.3.0.959517604035.issue45487@roundup.psfhosted.org>
2021-10-22 17:24:17	alexia	link	issue45487 messages
2021-10-22 17:24:17	alexia	create