My understanding of things is that Ubuntu does this: - Set the default security level to 2 (at compile time) - Disable TLS 1.0 and 1.1 at security level 2, only keeping TLS 1.2 by default
This is what Debian does: - Set the default security level to 2 (using a config file) - Set the minimum version to TLS 1.2 (using a config file) To be able to use TLS 1.0 on Ubuntu you need to: - Change the security level to 1 To be able to use TLS 1.0 on Debian you need to: - Set the minimum allowed version to TLS 1.0 My understanding of the issue is that python doesn't know which TLS version can be negotiated, and uses or overrides the minimum TLS version which happens to currently work on Debian. But for the test suite it should also override the security level. Note that in upstream OpenSSL 3.0, TLS 1.0 and 1.1 no longer meet the requirements for security level 1, if you want to use TLS 1.0 in the test suite you need to set the security level to 0. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1899878 Title: Python's test_ssl fails starting from Ubuntu 20.04 Status in openssl package in Ubuntu: Incomplete Bug description: Please take a look at https://bugs.python.org/issue41561. Developers who work on Python think that the issue is due to a change in Ubuntu 20.04 that is best described by https://bugs.python.org/issue41561#msg378089: "It sounds like a Debian/Ubuntu patch is breaking an assumption. Did somebody report the bug with Debian/Ubuntu maintainers of OpenSSL already? Fedora also configures OpenSSL with minimum protocol version of TLS 1.2. The distribution does it in a slightly different way that makes the restriction discoverable and that is compatible with Python's test suite." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
