[3.6] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-5663) #8761

Merged
merged 1 commit into from Aug 14, 2018

@tiran

commented Aug 14, 2018

Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue32947
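
The option described in this pull request, inspected and toggled from Python, together with a TLS 1.2 cap of the kind a TLS 1.2-specific check needs. This is an added example, not code from the PR or from CPython; the helper names are hypothetical, and `maximum_version` assumes Python 3.7 or later, with the `OP_NO_TLSv1_3` flag as the fallback.

```python
import ssl

# Both constants depend on the OpenSSL that Python was built against;
# OP_ENABLE_MIDDLEBOX_COMPAT exists only with OpenSSL 1.1.1 or newer.
MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", None)
NO_TLS13 = getattr(ssl, "OP_NO_TLSv1_3", 0)


def middlebox_compat(ctx):
    """True/False for the option's state, None if the build lacks it."""
    if MIDDLEBOX_COMPAT is None:
        return None
    return bool(int(ctx.options) & int(MIDDLEBOX_COMPAT))


def disable_middlebox_compat(ctx):
    """Clear the option on this context; no-op on builds without it."""
    if MIDDLEBOX_COMPAT is not None:
        ctx.options = int(ctx.options) & ~int(MIDDLEBOX_COMPAT)
    return ctx


def tls13_allowed(ctx):
    """Whether this context may still negotiate TLS 1.3."""
    if not getattr(ssl, "HAS_TLSv1_3", False):
        return False
    if NO_TLS13 and int(ctx.options) & int(NO_TLS13):
        return False
    cap = getattr(ctx, "maximum_version", None)  # Python 3.7+
    return cap is None or cap in (ssl.TLSVersion.MAXIMUM_SUPPORTED,
                                  ssl.TLSVersion.TLSv1_3)


def tls12_only(ctx):
    """Cap a context at TLS 1.2, as a TLS 1.2-specific check needs."""
    if hasattr(ctx, "maximum_version"):
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    else:  # older Python: fall back to the option flag
        ctx.options |= NO_TLS13
    return ctx


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print(ssl.OPENSSL_VERSION)
    print("middlebox compat by default:", middlebox_compat(ctx))
    print("after disabling:", middlebox_compat(disable_middlebox_compat(ctx)))
    print("TLS 1.3 allowed:", tls13_allowed(ctx))
    print("after TLS 1.2 cap:", tls13_allowed(tls12_only(ctx)))
```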

bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1

@tiran tiran force-pushed the tiran:tls1.3-3.6 branch from 07c1620 to a8b37a5 Aug 14, 2018

@tiran tiran merged commit 2a4ee8a into python:3.6 Aug 14, 2018

9 checks passed

VSTS: Linux-PR Linux-PR_20180814.12 succeeded
VSTS: Windows-PR Windows-PR_20180814.12 succeeded
VSTS: docs docs_20180814.12 succeeded
VSTS: macOS-PR macOS-PR_20180814.12 succeeded
bedevere/issue-number Issue number 32947 found
bedevere/maintenance-branch-pr Valid maintenance branch PR title.
bedevere/news News entry found in Misc/NEWS.d
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
@miss-islington

commented Aug 14, 2018

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7.
🐍🍒🤖

@tiran tiran deleted the tiran:tls1.3-3.6 branch Aug 14, 2018

@miss-islington

commented Aug 14, 2018

Sorry, @tiran, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826 2.7

stratakis added a commit to stratakis/cpython that referenced this pull request Feb 15, 2019

bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (pythonGH-8761)
(cherry picked from commit 2a4ee8a)
@bedevere-bot

commented Feb 15, 2019

GH-11876 is a backport of this pull request to the 2.7 branch.

stratakis added a commit to stratakis/cpython that referenced this pull request Feb 15, 2019

bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (pythonGH-8761)
(cherry picked from commit 2a4ee8a)

vstinner added a commit to stratakis/cpython that referenced this pull request Feb 15, 2019

bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (pythonGH-8761)
(cherry picked from commit 2a4ee8a)

vstinner added a commit that referenced this pull request Feb 15, 2019

[2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)

(cherry picked from commit 2a4ee8a)