Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Debian changed the default security level to 2 since openssl package version 1.1.1~~pre9-1 (August 2018), which requires a minimum key size of 2048 bit or larger RSA and DHE keys. To avoid test failures on newer Debian systems against OpenSSL, use a key size of at least 2048 bits.
I guess another approach might be to adjust the way OpenSSL is used to somehow override
CipherString
in/etc/ssl/openssl.cnf
at runtime. I'm not sure how to do that.This is Debian bug 926652. The build failure is logged here (I'm not sure how long that will be retained for).
I intend to patch Debian with this soon, to allow python-trustme 0.4.0 to make the next Debian release, at least. Please let me know if you think this is the wrong thing to do.