[issue32947] Support OpenSSL 1.1.1

2018-09-30 Thread Kurt Roeckx
Kurt Roeckx added the comment: Do you have any idea when the next release will be? I think python is currently our biggest blocker for getting OpenSSL 1.1.1 in Debian testing.

[issue32947] Support OpenSSL 1.1.1

2018-09-19 Thread Kurt Roeckx
Kurt Roeckx added the comment: Christian, Do you have any update on this? Any idea when we can expect released python versions that work with OpenSSL 1.1.1?

[issue32947] Support OpenSSL 1.1.1

2018-08-22 Thread Kurt Roeckx
Kurt Roeckx added the comment: These are automated tests for the packages in Debian. I uploaded the pre9 version to unstable, and as a result of that all reverse dependencies got tested. I don't have any experience with python myself. Anyway, the openssl.cnf in Debian contains

[issue32947] Support OpenSSL 1.1.1

2018-08-22 Thread Kurt Roeckx
Kurt Roeckx added the comment: These are the errors I'm currently getting testing with the pre9 version in Debian: https://ci.debian.net/data/autopkgtest/testing/amd64/p/python2.7/865936/log.gz https://ci.debian.net/data/autopkgtest/testing/amd64/p/python3.6/865937/log.gz https://ci.debian.net

[issue31453] Debian Sid/Buster: Cannot enable TLS 1.0/1.1 with PROTOCOL_TLS

2018-05-24 Thread Kurt Roeckx
Kurt Roeckx <k...@roeckx.be> added the comment: The effect is the same as calling SSL_CTX_set_min_proto_version().

[issue31453] Debian Sid/Buster: Cannot enable TLS 1.0/1.1 with PROTOCOL_TLS

2018-05-24 Thread Kurt Roeckx
Kurt Roeckx <k...@roeckx.be> added the comment: Note that the version in experimental only supports TLS 1.2 and 1.3 with the default config. It's moved from fixed in the code, to the default config file. I expect to upload that to unstable "soon", at which point people w

[issue32008] Example suggest to use a TLSv1 socket

2017-11-11 Thread Kurt Roeckx
New submission from Kurt Roeckx <k...@roeckx.be>: Here: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname And here: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.check_hostname It uses ssl.PROTOCOL_TLSv1, which is a bad example. Please

[issue22935] Disabling SSLv3 support

2014-12-12 Thread Kurt Roeckx
Kurt Roeckx added the comment: So this seems to be a function that just gets the certificate? You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives. Like if you support ECDSA it might decide to send

[issue22935] Disabling SSLv3 support

2014-12-12 Thread Kurt Roeckx
Kurt Roeckx added the comment: SSLv3 does not support the TLS extensions so it's going to send a totally different Client Hello. It will for instance not indicate which elliptic curves it supports. So yes the behavior for SSLv3 and SSLv23 can be totally different. But even with both SSLv23

[issue22935] Disabling SSLv3 support

2014-12-12 Thread Kurt Roeckx
Kurt Roeckx added the comment: Most such sites actually seem to have dropped support for SSLv3. One site where it depends on the cipher string is bugs.cdburnerxp.se

[issue22935] Disabling SSLv3 support

2014-12-08 Thread Kurt Roeckx
Kurt Roeckx added the comment: I did update the documentation to mention that, but it seems none of my documentation changes got applied.

[issue22935] Disabling SSLv3 support

2014-12-01 Thread Kurt Roeckx
Kurt Roeckx added the comment: I've just signed the contributor agreement

[issue22935] Disabling SSLv3 support

2014-11-24 Thread Kurt Roeckx
New submission from Kurt Roeckx: Hi, The attached patch makes python work when openssl doesn't have SSLv3 support. It also updates the documentation, which has already improved a lot since my original patch. The current upstream openssl when compiled with no-ssl2 it defines OPENSSL_NO_SSL2

[issue22935] Disabling SSLv3 support

2014-11-24 Thread Kurt Roeckx
Kurt Roeckx added the comment: I know what I uploaded to Debian experimental. And I can't promise that I'll keep that define. I suggest you assume that NO_SSL3 will disable both.