[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: Committed in r80151 (trunk), r80154 (py3k). -- resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed ___ Python tracker ___

[issue8322] test_ssl failures with OpenSSL 1.0.0

Changes by Antoine Pitrou : -- stage: needs patch -> patch review ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: New patch updating docs. -- Added file: http://bugs.python.org/file16954/ciphers2.patch ___ Python tracker ___ _

[issue8322] test_ssl failures with OpenSSL 1.0.0

Changes by Antoine Pitrou : Added file: http://bugs.python.org/file16953/ciphers.patch ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue8322] test_ssl failures with OpenSSL 1.0.0

Changes by Antoine Pitrou : Removed file: http://bugs.python.org/file16952/ciphers.patch ___ Python tracker ___ ___ Python-bugs-list mailing li

[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: A set_ciphers() method turns out to be highly impractical, since the underlying SSL objects are created lazily when we actually connect the socket. Therefore, I have instead opted for a new "ciphers" argument to the SSL constructor(s). Patch attached. ---

[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: > List of ciphers is application dependent and configure script can't > limit users(applications) . I was obviously talking about a runtime argument to ssl.wrap_socket(). -- ___ Python tracker

[issue8322] test_ssl failures with OpenSSL 1.0.0

Roumen Petrov added the comment: Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > > After some investigation, the error does occur because of the aforementioned > changelog entry (SSLv2 weak ciphers are now disabled by default). To check it > I just added the following line to ne

[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: After some investigation, the error does occur because of the aforementioned changelog entry (SSLv2 weak ciphers are now disabled by default). To check it I just added the following line to newPySSLObject(): SSL_CTX_set_cipher_list(self->ctx, "ALL"); Of

[issue8322] test_ssl failures with OpenSSL 1.0.0

Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue8322] test_ssl failures with OpenSSL 1.0.0

STINNER Victor added the comment: All errors concern SSLv23 at server side, and another protocol at client side (SSLv23 for client and server works as expected). -- ___ Python tracker _

[issue8322] test_ssl failures with OpenSSL 1.0.0

Antoine Pitrou added the comment: It begs the question of why the tests succeed with previous OpenSSL versions. The only possibly relevant entry I could find in the OpenSSL changelog (but I'm not an expert) is the following: *) If no SSLv2 ciphers are used don't use an SSLv2 compatible clien

[issue8322] test_ssl failures with OpenSSL 1.0.0

STINNER Victor added the comment: Extract of SSL_CTX_new manual page: SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client

[issue8322] test_ssl failures with OpenSSL 1.0.0

New submission from Antoine Pitrou : When I compile and link against a local build of OpenSSL 1.0.0 (vanilla), I get the following errors in test_ssl: == ERROR: testProtocolSSL2 (test.test_ssl.ThreadedTests) ---