[TLS] Update test keys to >= 2048bit #78580

tiran · 2018-08-14T08:46:30Z

BPO	34399
Nosy	@tiran
PRs	bpo-34399: 2048 bits RSA keys and DH params #8762 [3.7] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) #8763 [3.6] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) #8764 [2.7] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) #8765 bpo-34399: Update test certs and keys #8994

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = <Date 2018-08-15.07:43:41.819>
created_at = <Date 2018-08-14.08:46:29.715>
labels = ['3.7', 'expert-SSL', '3.8', 'type-bug', 'tests']
title = '[TLS] Update test keys to >= 2048bit'
updated_at = <Date 2018-08-29.14:35:34.007>
user = 'https://github.com/tiran'

bugs.python.org fields:

activity = <Date 2018-08-29.14:35:34.007>
actor = 'christian.heimes'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2018-08-15.07:43:41.819>
closer = 'christian.heimes'
components = ['Tests', 'SSL']
creation = <Date 2018-08-14.08:46:29.715>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 34399
keywords = ['patch']
message_count = 5.0
messages = ['323504', '323507', '323524', '323525', '323555']
nosy_count = 1.0
nosy_names = ['christian.heimes']
pr_nums = ['8762', '8763', '8764', '8765', '8994']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue34399'
versions = ['Python 2.7', 'Python 3.6', 'Python 3.7', 'Python 3.8']

tiran · 2018-08-14T08:46:30Z

Downstream vendors have started to tighten security. 1024 bits RSA and DH params are no longer considered as secure. Python 3.7 and master already use 2048 bits RSA keys for some tests (bpo-32602). 3.6 and 2.7 don't have 1024bit keys. DH params and some other certs are still 1024 bits.

I'm going to update all keys and parameters to 2048.

tiran · 2018-08-14T10:54:27Z

New changeset 88bfd0b by Christian Heimes in branch 'master':
bpo-34399: 2048 bits RSA keys and DH params (bpo-8762)
88bfd0b

tiran · 2018-08-14T14:52:31Z

New changeset e3228a3 by Christian Heimes (Miss Islington (bot)) in branch '3.7':
bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8763)
e3228a3

tiran · 2018-08-14T14:53:07Z

New changeset 1f34aec by Christian Heimes in branch '2.7':
[2.7] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8765)
1f34aec

tiran · 2018-08-15T07:24:53Z

New changeset 5e9551b by Christian Heimes in branch '3.6':
[3.6] bpo-34399: 2048 bits RSA keys and DH params (GH-8762) (GH-8764)
5e9551b

tiran added 3.7 only security fixes 3.8 only security fixes labels Aug 14, 2018

tiran self-assigned this Aug 14, 2018

tiran added tests Tests in the Lib/test dir topic-SSL type-bug An unexpected behavior, bug, or error labels Aug 14, 2018

tiran closed this as completed Aug 15, 2018

ezio-melotti transferred this issue from another repository Apr 10, 2022

[TLS] Update test keys to >= 2048bit #78580

[TLS] Update test keys to >= 2048bit #78580

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 15, 2018

[TLS] Update test keys to >= 2048bit #78580

[TLS] Update test keys to >= 2048bit #78580

Comments

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 14, 2018

tiran commented Aug 15, 2018