[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Alex Grönholm added the comment: OpenSSL 1.1.1 also handled EOFs strictly, but this behavior was generally suppressed in the ssl module through the default setting of suppress_ragged_eofs=True (thus enabling truncation attacks by default). The PR changes the behavior of existing applications

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Christian Heimes added the comment: I have updated whatsnew in GH-25817. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

miss-islington added the comment: New changeset 54d89a33e0d1b854fd5a72889d6554aeeb4170f0 by Miss Islington (bot) in branch '3.9': bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) https://github.com/python/cpython/commit/54d89a33e0d1b854fd5a72889d6554aeeb4170f0

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

miss-islington added the comment: New changeset e18ebd9ec546a3647a57c282735350f60a26d66d by Miss Islington (bot) in branch '3.8': bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) https://github.com/python/cpython/commit/e18ebd9ec546a3647a57c282735350f60a26d66d

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Change by miss-islington : -- pull_requests: +24049 pull_request: https://github.com/python/cpython/pull/25314 ___ Python tracker ___

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Christian Heimes added the comment: New changeset 6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372 by Christian Heimes in branch 'master': bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) https://github.com/python/cpython/commit/6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Change by miss-islington : -- nosy: +miss-islington nosy_count: 1.0 -> 2.0 pull_requests: +24048 pull_request: https://github.com/python/cpython/pull/25313 ___ Python tracker

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

Change by Christian Heimes : -- keywords: +patch pull_requests: +24044 stage: -> patch review pull_request: https://github.com/python/cpython/pull/25309 ___ Python tracker

[issue43794] OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF

New submission from Christian Heimes : OpenSSL 3.0.0 state machine handles unexpected EOFs more strict and requires peers to properly shut down connections. The old OpenSSL 1.1.1 behavior can be get back with SSL_OP_IGNORE_UNEXPECTED_EOF. I propose to add the option by default until Python's