git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Christian Heimes <christian@python.org>
	Tue, 14 Aug 2018 14:56:32 +0000 (16:56 +0200)
committer	GitHub <noreply@github.com>
	Tue, 14 Aug 2018 14:56:32 +0000 (16:56 +0200)
commit	2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826
tree	72fd5a6dbb8d3cfc45f44d763987e5957ae61fc0	tree \| snapshot
parent	4ee06b3eef55b00c125f21219d970ac07fb9b996	commit \| diff

bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761)

Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options

Signed-off-by: Christian Heimes <christian@python.org>

Doc/library/ssl.rst		diff \| blob \| blame \| history
Lib/test/test_asyncio/test_events.py		diff \| blob \| blame \| history
Lib/test/test_ssl.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2018-08-14-08-57-01.bpo-32947.mqStVW.rst	[new file with mode: 0644]	blob
Modules/_ssl.c		diff \| blob \| blame \| history