2) and 3) would never return 0, which is what the upstream OpenSSL version returns now.
2) would make it return TLS1_VERSION for the minimum and TLS1_3_VERSION for the maximum with default build options. If you enable SSLv3 support at compile time, the minimum would return SSL3_VERSION. Note that there is a TLS_MAX_VERSION define that's equal to TLS1_3_VERSION, but no such define for the minimum.

1) would just return what is set, which is 0 upstream and for Ubuntu for both minimum and maximum, where 0 is defined as no limit set. Debian sets the minimum to TLS1_2_VERSION, and so returns that value. But maybe if no limit is set (and so the value is 0), it can instead return the minimum/maximum version that's supported at compile time.

3) would have the effect that upstream in 1.1.1 returns TLS1_VERSION and TLS1_3_VERSION, but TLS1_2_VERSION and TLS1_3_VERSION in 3.0. For Ubuntu and Debian it would return TLS1_2_VERSION and TLS1_3_VERSION, since that is what they do using a different method.

Setting the default minimum to TLS1_2_VERSION (at compile time) will clearly fix your problem. But I think you're going to run into the same problem with 3.0, and we should probably add a new API in 3.0 for it.

--
https://bugs.launchpad.net/bugs/1899878
Title: Python's test_ssl fails starting from Ubuntu 20.04