On Wed, Mar 3, 2021 at 8:08 AM Christian Heimes <christ...@python.org>
wrote:

> On 03/03/2021 16.06, Senthil Kumaran wrote:
> > On Tue, Mar 2, 2021 at 8:29 PM Gregory P. Smith <g...@krypto.org> wrote:
> >>
> >> For lack of better things to do with that...
> https://bugs.python.org/issue43382 filed to track it.
> >
> > Actually, that turned out to be useful. Thank you!
> >
> > The discussion with the default minimal level TLS, and way it is
> > configured in distributions like Ubuntu, Debian, Fedora, and it's
> > usage with Python is  bit _unsettling_ from a users perspective.
> > OpenSSL, Ubuntu, Python are heavily relied upon pieces of
> > infrastructure. I wouldn't be surprised if more projects noticed this
> > problem with the update to Ubuntu 20.02.
>
> Hi,
>
> for the record, the issue started when GitHub Actions updated
> "ubuntu-latest" was updated from 18.04 to 20.04. A user reported a
> similar issue on BPO last year in August and with Ubuntu last year in
> October. Only Ubuntu is affected. Debian, standard OpenSSL, and other
> distros use a different approach set minimum protocol version:
>
> https://bugs.python.org/issue41561
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
>
>
> PEP 644 (not approved yet)


Has this been submitted to the SC yet? I can't find an email or anything at
https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644
.

-Brett


> and a soon-to-be-published PEP will hopefully
> get rid of the problem once and for all. PEP 644 removes support for
> OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1
> from stdlib.
>
> https://www.python.org/dev/peps/pep-0644/
>
>
> By the way, all major distributions disable TLS 1.0 and 1.1. They also
> set a higher security level to block weak RSA, DH, and signatures. You
> can find more information about Fedora crypto policies at:
>
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
>
>
> Here are some of my fixes for crypto policies, TLS 1.0/1.1 deprecation,
> and FIPS:
>
> https://bugs.python.org/issue34399
> https://bugs.python.org/issue38275
> https://bugs.python.org/issue38271
> https://bugs.python.org/issue34542
>
> Christian
> _______________________________________________
> python-committers mailing list -- python-committers@python.org
> To unsubscribe send an email to python-committers-le...@python.org
> https://mail.python.org/mailman3/lists/python-committers.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-committers@python.org/message/JO3PCRIIG36GW2ZBRCSWUHNBXPUURYUW/
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
_______________________________________________
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/HMOPREK7N3J44MLTUWFUJZRJQJ62QPMU/
Code of Conduct: https://www.python.org/psf/codeofconduct/

Reply via email to