On Wed, Mar 3, 2021 at 8:08 AM Christian Heimes <christ...@python.org> wrote:
> On 03/03/2021 16.06, Senthil Kumaran wrote: > > On Tue, Mar 2, 2021 at 8:29 PM Gregory P. Smith <g...@krypto.org> wrote: > >> > >> For lack of better things to do with that... > https://bugs.python.org/issue43382 filed to track it. > > > > Actually, that turned out to be useful. Thank you! > > > > The discussion with the default minimal level TLS, and way it is > > configured in distributions like Ubuntu, Debian, Fedora, and it's > > usage with Python is bit _unsettling_ from a users perspective. > > OpenSSL, Ubuntu, Python are heavily relied upon pieces of > > infrastructure. I wouldn't be surprised if more projects noticed this > > problem with the update to Ubuntu 20.02. > > Hi, > > for the record, the issue started when GitHub Actions updated > "ubuntu-latest" was updated from 18.04 to 20.04. A user reported a > similar issue on BPO last year in August and with Ubuntu last year in > October. Only Ubuntu is affected. Debian, standard OpenSSL, and other > distros use a different approach set minimum protocol version: > > https://bugs.python.org/issue41561 > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 > > > PEP 644 (not approved yet) Has this been submitted to the SC yet? I can't find an email or anything at https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644 . -Brett > and a soon-to-be-published PEP will hopefully > get rid of the problem once and for all. PEP 644 removes support for > OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1 > from stdlib. > > https://www.python.org/dev/peps/pep-0644/ > > > By the way, all major distributions disable TLS 1.0 and 1.1. They also > set a higher security level to block weak RSA, DH, and signatures. You > can find more information about Fedora crypto policies at: > > https://fedoraproject.org/wiki/Changes/CryptoPolicy > https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 > > > Here are some of my fixes for crypto policies, TLS 1.0/1.1 deprecation, > and FIPS: > > https://bugs.python.org/issue34399 > https://bugs.python.org/issue38275 > https://bugs.python.org/issue38271 > https://bugs.python.org/issue34542 > > Christian > _______________________________________________ > python-committers mailing list -- python-committers@python.org > To unsubscribe send an email to python-committers-le...@python.org > https://mail.python.org/mailman3/lists/python-committers.python.org/ > Message archived at > https://mail.python.org/archives/list/python-committers@python.org/message/JO3PCRIIG36GW2ZBRCSWUHNBXPUURYUW/ > Code of Conduct: https://www.python.org/psf/codeofconduct/ >
_______________________________________________ python-committers mailing list -- python-committers@python.org To unsubscribe send an email to python-committers-le...@python.org https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/HMOPREK7N3J44MLTUWFUJZRJQJ62QPMU/ Code of Conduct: https://www.python.org/psf/codeofconduct/