Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DeprecationWarning: ssl.PROTOCOL_TLS is deprecated #653

Closed
maranov opened this issue Mar 22, 2022 · 3 comments
Closed

DeprecationWarning: ssl.PROTOCOL_TLS is deprecated #653

maranov opened this issue Mar 22, 2022 · 3 comments
Labels
Status: Available No one has claimed responsibility for resolving this issue.

Comments

@maranov
Copy link

maranov commented Mar 22, 2022

Per Python ssl docs, the PROTOCOL_TLS has been deprecated, replaced with PROTOCOL_TLS_CLIENT/SERVER. This setting is used in the client at:

paho.mqtt.python/src/paho/mqtt/client.py

Line 791 in 9782ab8

tls_version = ssl.PROTOCOL_TLS

From what I understood, the PROTOCOL_TLS_CLIENT should be the correct replacement (for client connections), but it has some side effects:

The protocol enables CERT_REQUIRED and check_hostname by default.

Looking at the client code, this seems to be the defaults for tls_set as well. Replacing the PROTOCOL_TLS with PROTOCOL_TLS_CLIENT, while using PROTOCOL_TLS as a fallback for Python 2.7 should remove the deprecation warning.
@maranov
Copy link
Author

maranov commented Mar 22, 2022

I could open a PR if the proposed solution sounds like a good idea.

@github-actions github-actions bot added the Status: Available No one has claimed responsibility for resolving this issue. label Mar 22, 2022
@timhaines
Copy link

@maranov sounds good to me. Would love to see this warning disappear. 👍

maranov pushed a commit to maranov/paho.mqtt.python that referenced this issue Jun 10, 2022
Fix Python >=3.10 PROTOCOL_TLS DeprecationWarning
88a8681 
PROTOCOL_TLS_CLIENT/_SERVER are attempted to be selected before falling back to the legacy PROTOCOL_TLS setting. The side effects of using PROTOCOL_TLS_CLIENT is that CERT_REQUIRED and check_hostname are enabled by default, but these were explicitly used as a default already and remain to be the defaults even if PROTOCOL_TLS_CLIENT is unavailable.

Bug: eclipse#653
Signed-off-by: Marek Novak <me@maranov.cz>
@maranov maranov mentioned this issue Jun 10, 2022
Merged
@wosym wosym mentioned this issue Jun 30, 2022
Open
@sgbaird sgbaird mentioned this issue Dec 11, 2022
Closed
@MiChaelinzo MiChaelinzo mentioned this issue Aug 1, 2023
Closed
@cdce8p cdce8p mentioned this issue Aug 20, 2023
Merged
20 tasks
@ghbook ghbook mentioned this issue Nov 4, 2023
Open
@MattBrittan
Copy link
Contributor

As PR #665 has now been merged I believe this issue can be closed. Note that there are a few other related issues that will remain open (the documentation does not really match the code).

Note: This is part of an exercise to clean up old issues so that the project can move forwards. Due to the number of issues being worked through mistakes will be made; please feel free to reopen this issue (or comment) if you believe it's been closed in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Available No one has claimed responsibility for resolving this issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@timhaines @maranov @MattBrittan