]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 28eb87f) | patch
[2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)
authorstratakis <cstratak@redhat.com>
Fri, 15 Feb 2019 17:27:44 +0000 (18:27 +0100)
committerVictor Stinner <vstinner@redhat.com>
Fri, 15 Feb 2019 17:27:44 +0000 (18:27 +0100)
commit2149a9ad7a9d39d7d680ec0fb602042c91057484
treeb45e3f3f5c47752b44873be0b2782b88d4b5fa71tree | snapshot
parent28eb87f4f558952f259fada7be1ab5b31b8a91efcommit | diff
[2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)

Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826)
Doc/library/ssl.rst diff | blob | blame | history
Lib/test/test_ssl.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2018-08-14-08-57-01.bpo-32947.mqStVW.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git