I didn't include a setter for security level on purpose (https://bugs.python.org/issue41195). The most recent Python version only has a getter to query the security level. I strongly believe that user applications should not modify the security level. Security level and TLS versions should be centrally managed by system administrators. Unfortunately, Python's ssl module still has legacy support for TLS 1.0 and 1.1.

Even a check for seclevel == 2 or modification of the security level wouldn't address Python's test failures on Ubuntu. After all, Ubuntu uses a custom policy that deviates from the seclevel 2 definition at https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html. Do you suggest that Python should check for Ubuntu in the test suite, so we can special case Ubuntu's custom policy?

** Bug watch added: Python Roundup #41195
   http://bugs.python.org/issue41195

https://bugs.launchpad.net/bugs/1917625
Title: OpenSSL TLS 1.1 handshake fails internal error
