Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecate negotiating TLSv1 and TLSv1.1 by default #2002

Merged
merged 3 commits into from Oct 7, 2020

Conversation

@sethmlarson
Copy link
Member

@sethmlarson sethmlarson commented Sep 27, 2020

Closes #1990

@sethmlarson sethmlarson requested a review from pquentin Sep 27, 2020
@pquentin
Copy link
Member

@pquentin pquentin commented Sep 28, 2020

The approach looks good, thanks! This breaks other tests, though, we'd have to fix that first

@sethmlarson
Copy link
Member Author

@sethmlarson sethmlarson commented Sep 28, 2020

@pquentin Yeah I couldn't run the TLS<1.2 tests on my local machine because Ubuntu disables it via OpenSSL config now (🎉) and upon seeing how many failures there were threw my hands up and said "another time!" :)

@codecov
Copy link

@codecov codecov bot commented Oct 2, 2020

Codecov Report

No coverage uploaded for pull request base (master@6d38f17). Click here to learn what that means.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #2002   +/-   ##
=========================================
  Coverage          ?   99.86%           
=========================================
  Files             ?       25           
  Lines             ?     2294           
  Branches          ?        0           
=========================================
  Hits              ?     2291           
  Misses            ?        3           
  Partials          ?        0           
Impacted Files Coverage Δ
src/urllib3/connection.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6d38f17...0803f6a. Read the comment docs.

@sethmlarson
Copy link
Member Author

@sethmlarson sethmlarson commented Oct 2, 2020

@pquentin Ready for a review now that tests are passing. The macOS 3.8 failure is strange, I'm not seeing any logs?

@pquentin
Copy link
Member

@pquentin pquentin commented Oct 2, 2020

If you click on "View raw logs", you can see that the failure is test_timeout_errors_cause_retries. Most of the flaky tests left are actually socket-level, and I don't know how to fix them properly yet. I'll re-run the tests.

The new warning makes running the TLS 1.0 and 1.1 tests quite noisy, is there a way to not display them in pytest?

@sethmlarson
Copy link
Member Author

@sethmlarson sethmlarson commented Oct 2, 2020

Hmm that's true, we can potentially set ssl_version=... on them so it doesn't trigger the warning?

@pquentin
Copy link
Member

@pquentin pquentin commented Oct 2, 2020

Yeah, if that sounds good to me if it's easy to do. (Sorry, haven't read the actual diff for now, I'm fighting with CI instead!)

Closing/reopening to rerun due to another socketlevel flaky test. (Tests are way more flaky when the US workday starts!)

@pquentin pquentin closed this Oct 2, 2020
@pquentin pquentin reopened this Oct 2, 2020
Copy link
Member

@pquentin pquentin left a comment

Thanks! This looks good, though I'd like to see what can be done to reduce the warnings shown when running tests.

@sethmlarson
Copy link
Member Author

@sethmlarson sethmlarson commented Oct 7, 2020

@pquentin Yeah we might have to live with the noisiness for now, any other work-around is pretty painful. We'll get away from it after v2 though!

@sethmlarson sethmlarson merged commit 4b0da49 into urllib3:master Oct 7, 2020
16 of 17 checks passed
@sethmlarson sethmlarson deleted the deprecate-tls-lt-1.2 branch Oct 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

2 participants