bpo-31453: [WIP] Allow to change TLS protocols on Debian #3662

tiran · 2017-09-19T19:09:31Z

DO NOT MERGE

Undo Debian Unstable's patching for SSL_CTX. Allow all protocols with
SSL_CTX_set_min_proto_version() again so they can be enabled and disabled
with SSL_CTX_set_options(). The set_min_proto_version is not supported by
Python, set_options is available as SSLContext.options.

Signed-off-by: Christian Heimes christian@python.org

https://bugs.python.org/issue31453

Undo Debian Unstable's patching for SSL_CTX. Allow all protocols with SSL_CTX_set_min_proto_version() again so they can be enabled and disabled with SSL_CTX_set_options(). The set_min_proto_version is not supported by Python, set_options is available as SSLContext.options. Signed-off-by: Christian Heimes <christian@python.org>

tiran · 2018-02-22T17:43:52Z

I'm closing this PR because Debian has backed off for now. I rather backport PR #5259 in case Debian disables TLS 1.0 and 1.1 again.

tiran added needs backport to 2.7 type-bug An unexpected behavior, bug, or error type-security A security issue labels Sep 19, 2017

the-knights-who-say-ni added the CLA signed label Sep 19, 2017

bedevere-bot added the awaiting merge label Sep 19, 2017

tiran force-pushed the bpo-31453-debian-tls-fix branch from 3c0dea4 to 7f864ff Compare September 19, 2017 21:28

tiran closed this Feb 22, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bpo-31453: [WIP] Allow to change TLS protocols on Debian #3662

bpo-31453: [WIP] Allow to change TLS protocols on Debian #3662

tiran commented Sep 19, 2017 •

edited by bedevere-bot

tiran commented Feb 22, 2018

bpo-31453: [WIP] Allow to change TLS protocols on Debian #3662

bpo-31453: [WIP] Allow to change TLS protocols on Debian #3662

Conversation

tiran commented Sep 19, 2017 • edited by bedevere-bot

tiran commented Feb 22, 2018

tiran commented Sep 19, 2017 •

edited by bedevere-bot