From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Fri, 9 Apr 2021 14:02:03 +0000 (-0700) Subject: [3.8] bpo-43791: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0 (GH-25304) (GH-25308) X-Git-Tag: v3.8.10~74 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e710d1c88cbebdb17578de00997457b3b26874d;p=thirdparty%2FPython%2Fcpython.git [3.8] bpo-43791: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0 (GH-25304) (GH-25308) Signed-off-by: Christian Heimes (cherry picked from commit 5151d642004c59cce58d669be85d9a5e987f51d3) Co-authored-by: Christian Heimes Automerge-Triggered-By: GH:tiran --- diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index ec7bb74d28ce..292794c69b5a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -34,6 +34,7 @@ HOST = support.HOST IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') IS_OPENSSL_1_1_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1) +IS_OPENSSL_3_0_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (3, 0, 0) PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS') PROTOCOL_TO_TLS_VERSION = {} @@ -204,6 +205,10 @@ def has_tls_version(version): if not getattr(ssl, f'HAS_{version.name}'): return False + if IS_OPENSSL_3_0_0 and version < ssl.TLSVersion.TLSv1_2: + # bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR + return False + # check runtime and dynamic crypto policy settings. A TLS version may # be compiled in but disabled by a policy or config option. ctx = ssl.SSLContext() diff --git a/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst new file mode 100644 index 000000000000..964ae5abb3d8 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst 
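Review bot: In `has_tls_version`, the new early return reports TLS 1.0 and 1.1 as unavailable on every OpenSSL build at or above 3.0.0, yet the comment beside it cites only a failure seen on 3.0.0-alpha14, so the skip will outlive that pre-release with nothing marking it for review. If this helper gates the version-specific tests, as its name suggests, tests that assert legacy protocols are refused or that a version mismatch is handled would also stop running on OpenSSL 3.x, and that loss of coverage would be silent. I would make the comment say so, for example `# bpo-43791: temporary skip; TLS 1.0/1.1 handshakes fail with TLSV1_ALERT_INTERNAL_ERROR on 3.0.0-alpha14, re-enable once the cause is understood`. The body of `has_tls_version` starts before this hunk and continues after it, so the later policy check on `ctx` is not fully visible here.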
@@ -0,0 +1,2 @@ +OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests +are failing with TLSV1_ALERT_INTERNAL_ERROR.