New submission from STINNER Victor <vstin...@redhat.com>:

RHEL8 uses a strict crypto policy by default. For example, SSLContext uses TLS 1.2 as the minimum version by default.

Attached PR fixes test_ssl for RHEL8. The PR is not specific to RHEL8. It should also fix test_ssl on Debian: see bpo-35925 and bpo-36005.

test_ssl failures on RHEL8:

======================================================================
ERROR: test_PROTOCOL_TLS (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 3079, in test_PROTOCOL_TLS
    try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1')
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2623, in try_protocol_combo
    stats = server_params_test(client_context, server_context,
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2549, in server_params_test
    s.connect((HOST, server.port))
  File "/root/cpython-master/Lib/ssl.py", line 1150, in connect
    self._real_connect(addr, False)
  File "/root/cpython-master/Lib/ssl.py", line 1141, in _real_connect
    self.do_handshake()
  File "/root/cpython-master/Lib/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1055)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 3150, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2623, in try_protocol_combo
    stats = server_params_test(client_context, server_context,
  File "/root/cpython-master/Lib/test/test_ssl.py", line 2549, in server_params_test
    s.connect((HOST, server.port))
  File "/root/cpython-master/Lib/ssl.py", line 1150, in connect
    self._real_connect(addr, False)
  File "/root/cpython-master/Lib/ssl.py", line 1141, in _real_connect
    self.do_handshake()
  File "/root/cpython-master/Lib/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1055)

======================================================================
FAIL: test_min_max_version (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/cpython-master/Lib/test/test_ssl.py", line 1093, in test_min_max_version
    self.assertIn(
AssertionError: <TLSVersion.TLSv1_2: 771> not found in {<TLSVersion.TLSv1: 769>, <TLSVersion.MINIMUM_SUPPORTED: -2>}

----------------------------------------------------------------------
Ran 150 tests in 3.318s

FAILED (failures=1, errors=2, skipped=9)

----------
assignee: christian.heimes
components: SSL, Tests
messages: 335950
nosy: christian.heimes, vstinner
priority: normal
severity: normal
status: open
title: test_ssl fails on RHEL8 strict OpenSSL configuration
versions: Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36037>
_______________________________________
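
An added illustration, not part of the original message or of the attached PR: the sketch below reads the version floor a fresh SSLContext inherits on the current host and predicts whether a client pinned to one protocol version can complete a handshake with a server bound by that floor, which is the situation behind the two TLSV1_ALERT_PROTOCOL_VERSION errors above. The names CONCRETE, version_range, negotiated and policy_floor are hypothetical helpers, and the version ranges in the demo are constructed.

```python
import ssl
from ssl import TLSVersion

# Concrete versions, oldest first; the two sentinel members are excluded.
CONCRETE = (TLSVersion.SSLv3, TLSVersion.TLSv1, TLSVersion.TLSv1_1,
            TLSVersion.TLSv1_2, TLSVersion.TLSv1_3)


def version_range(ctx):
    """Return the (lowest, highest) concrete version an SSLContext allows.

    MINIMUM_SUPPORTED (-2) and MAXIMUM_SUPPORTED (-1) mean "no explicit
    bound", so they are widened to the ends of CONCRETE.
    """
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo == TLSVersion.MINIMUM_SUPPORTED:
        lo = CONCRETE[0]
    if hi == TLSVersion.MAXIMUM_SUPPORTED:
        hi = CONCRETE[-1]
    return lo, hi


def negotiated(client, server):
    """Highest version shared by two (lo, hi) ranges, or None if disjoint."""
    lo = max(client[0], server[0])
    hi = min(client[1], server[1])
    return hi if lo <= hi else None


def policy_floor():
    """Minimum version a fresh context has before any code changes it."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).minimum_version


if __name__ == "__main__":
    # Constructed ranges modelling the report: a server that inherited a
    # TLS 1.2 floor, and clients pinned to a single version each.
    server = (TLSVersion.TLSv1_2, TLSVersion.TLSv1_3)
    for name in ("TLSv1", "TLSv1_1", "TLSv1_2"):
        pinned = (TLSVersion[name], TLSVersion[name])
        print(name, "->", negotiated(pinned, server))
    print("floor on this host:", policy_floor())
```

A test that hard-codes the expected default floor, as test_min_max_version did, can compare against policy_floor() instead, and a protocol-combination test can be skipped when negotiated() returns None.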