Christian Heimes added the comment: Two tests are failing in 3.7 branch:
====================================================================== ERROR: test_PROTOCOL_TLS (test.test_ssl.ThreadedTests) Connecting to an SSLv23 server with various client options ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2660, in test_PROTOCOL_TLS try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1') File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2343, in try_protocol_combo chatty=False, connectionchatty=False) File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2268, in server_params_test s.connect((HOST, server.port)) File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1108, in connect self._real_connect(addr, False) File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1099, in _real_connect self.do_handshake() File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1076, in do_handshake self._sslobj.do_handshake() File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 697, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:864) ====================================================================== ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests) Connecting to a TLSv1.1 server with various client options. ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2734, in test_protocol_tlsv1_1 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1') File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2343, in try_protocol_combo chatty=False, connectionchatty=False) File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 2268, in server_params_test s.connect((HOST, server.port)) File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1108, in connect self._real_connect(addr, False) File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1099, in _real_connect self.do_handshake() File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 1076, in do_handshake self._sslobj.do_handshake() File "/home/heimes/dev/python/cpython/Lib/ssl.py", line 697, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:864) ---------------------------------------------------------------------- Matthias, is there any way to detect Debian's modifications of OpenSSL from header files or with an API call? Otherwise we have no way to reliable detect and correctly skip the test. At the moment there is no way to retrieve the minimum protocol from OpenSSL SSL_CTX. I landed an OpenSSL patch just a couple of days ago to add SSL_CTX_get_min_proto_version(), https://github.com/openssl/openssl/pull/4364 ---------- versions: +Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31518> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com