[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
STINNER Victor added the comment: Ok, Python 3.7 and 3.8 (master) have been fixed. See bpo-35925 (and bpo-36005) for discussions on Python 2.7 and 3.6. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: +Python 3.7 __

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread miss-islington
miss-islington added the comment: New changeset e8bf04de4ba045029aa8964126d8cdd2d7c282a6 by Miss Islington (bot) in branch '3.7': bpo-36037: Fix test_ssl for strict OpenSSL policy (GH-11940) https://github.com/python/cpython/commit/e8bf04de4ba045029aa8964126d8cdd2d7c282a6 -- nosy: +

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread miss-islington
Change by miss-islington : -- pull_requests: +11966 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
STINNER Victor added the comment: New changeset 3ef6344ee53f59ee86831ec36ed2c6f93a56229d by Victor Stinner in branch 'master': bpo-36037: Fix test_ssl for strict OpenSSL policy (GH-11940) https://github.com/python/cpython/commit/3ef6344ee53f59ee86831ec36ed2c6f93a56229d -- _

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
STINNER Victor added the comment: Python 2.7 and 3.6 have no SSLContext.minimum_version attribute (even with OpenSSL 1.1.1). I think that we will workaround this issue in Fedora and RHEL8 spec file (recipe to build RPM packages) using "export OPENSSL_CONF=/non-existing-file". -- __

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
STINNER Victor added the comment: > RHEL8 uses a strict crypto policy by default. For example, SSLContext uses > TLS 1.2 as the minimum version by default. Ah, I forgot to mention that a workaround is to use OPENSSL_CONF=/ environment variable to ignore RHEL crypto policy (don't load system

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
STINNER Victor added the comment: On Python 2.7.16rc, similar tests are failing on RHEL8: ERROR: test_protocol_sslv23 (test.test_ssl.ThreadedTests) ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests) ... But right now, Python 2.7 doesn't give access to minimum_version/maximum_version

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
Change by STINNER Victor : -- nosy: +cstratak, gregory.p.smith ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
Change by STINNER Victor : -- keywords: +patch pull_requests: +11964 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-

[issue36037] test_ssl fails on RHEL8 strict OpenSSL configuration

2019-02-19 Thread STINNER Victor
New submission from STINNER Victor : RHEL8 uses a strict crypto policy by default. For example, SSLContext uses TLS 1.2 as the minimum version by default. Attached PR fix test_ssl for RHEL8. The PR is not specific to RHEL8. It should also fix test_ssl on Debian: see bpo-35925 and bpo-36005.