[New-bugs-announce] [issue17962] Broken OpenSSL version in Windows builds

Antoine Pitrou report at bugs.python.org
Sun May 12 13:24:05 CEST 2013

New submission from Antoine Pitrou:

3.3 and default are currently fetching OpenSSL 1.0.1d for the Windows builds.

It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures).

Following is their description of the fix:

“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]

  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
     supporting platforms or when small records were transferred.
     [Andy Polyakov, Steve Henson]”

components: Build, Windows
messages: 189018
nosy: georg.brandl, larry, loewis, pitrou
priority: release blocker
severity: normal
status: open
title: Broken OpenSSL version in Windows builds
type: behavior
versions: Python 3.3, Python 3.4

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list