** Description changed:

  [Impact]
  
-  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
+  * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
  SSL context option must be set when establishing the connection,
  otherwise, validation of SNI certificates fail and thus resulting in
  lack of connectivity.
  
  [Test Case]
  
-  * use python-boto to connect to an SNI tls protected host
+  * use python-boto to connect to an SNI tls protected host
  
  [Regression Potential]
  
-  * change is compatible with pythons/openssl versions shipped in 
bionic/cosmic-release
-  * change is from upstream / tested in debian & disco
-  * change improves security, and is compatible with deployed servers out there
-  * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted
+  * change is compatible with pythons/openssl versions shipped in 
bionic/cosmic-release
+  * change is from upstream / tested in debian & disco
+  * change improves security, and is compatible with deployed servers out there
+  * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted
+ 
+ [Additional info]
+ To install python & openssl 1.1.1 on Bionic you may enable and use the below 
silo, which will then exhibit the enforcement of SNI hostname verification.
+ 
+ sudo add-apt-repository ppa:ci-train-ppa-service/3473
+ sudo apt-get update

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815439

Title:
  python-boto needs to support SNI for OpenSSL 1.1.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1815439/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to