[New-bugs-announce] [issue32947] Support OpenSSL 1.1.1

Christian Heimes report at bugs.python.org
Sun Feb 25 06:54:40 EST 2018


New submission from Christian Heimes <lists at cheimes.de>:

I'm using this ticket as an epic to track commits and required changes for OpenSSL 1.1.1 and TLS 1.3. Fixes need to be backported to 2.7 and 3.6 to 3.8. We might have to consider backports to 3.4 and 3.5, too.

If all goes to plan, OpenSSL 1.1.1 final is scheduled for 8th May 2018, https://www.openssl.org/policies/releasestrat.html . It will contain support for TLS 1.3. Python should either support TLS 1.3 by then or disable TLS 1.3 by default.

Fixes:

* #20995 added TLS 1.3 cipher suite support
* #29136 added OP_NO_TLSv1_3
* #30622 fixes NPN guard for OpenSSL 1.1.1

Issues:

* A new option OP_ENABLE_MIDDLEBOX_COMPAT is enabled by default. We need to expose the flag to make tests pass.
* TLS 1.3 has changed session handling. The current session code cannot handle TLS 1.3 session resumption.
* Threaded echo server and asynchat based tests are failing with TLS 1.3. I haven't analyzed the issue properly. It looks like the server thread dies when a handshake error occurs.

----------
assignee: christian.heimes
components: SSL
messages: 312804
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: Support OpenSSL 1.1.1
type: enhancement
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32947>
_______________________________________
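The interim policy the issue proposes (support TLS 1.3 or disable it by default) can be turned into a feature-detection helper. This is an added example, not code from the CPython tracker or the ssl module; it assumes the Python 3.7+ names `ssl.HAS_TLSv1_3`, `ssl.TLSVersion` and `ssl.OP_ENABLE_MIDDLEBOX_COMPAT`, probed with `getattr`/`hasattr` so it also runs on interpreters that lack them.

```python
"""Detect TLS 1.3 support in the running Python/OpenSSL pair and, when asked,
cap a client context at TLS 1.2 (the "disable TLS 1.3 by default" fallback)."""
import ssl


def tls13_capabilities():
    """Report which TLS 1.3 pieces this ssl module exposes (all keys always present)."""
    return {
        "openssl_version": ssl.OPENSSL_VERSION,
        "has_tls13": bool(getattr(ssl, "HAS_TLSv1_3", False)),
        "has_op_no_tlsv1_3": hasattr(ssl, "OP_NO_TLSv1_3"),
        "has_middlebox_compat": hasattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT"),
    }


def make_client_context(allow_tls13=True):
    """Build a verifying client context; with allow_tls13=False, cap it at TLS 1.2.

    Prefers the version-based API (Python 3.7+ with OpenSSL 1.1.0g+) and falls
    back to the OP_NO_TLSv1_3 option flag mentioned in the issue.
    """
    ctx = ssl.create_default_context()
    if not allow_tls13:
        if hasattr(ctx, "maximum_version"):
            ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        elif hasattr(ssl, "OP_NO_TLSv1_3"):
            ctx.options |= ssl.OP_NO_TLSv1_3
    return ctx


def tls13_disabled(ctx):
    """True when ctx cannot negotiate TLS 1.3: library lacks it, version cap, or flag."""
    if not getattr(ssl, "HAS_TLSv1_3", False):
        return True
    if hasattr(ctx, "maximum_version"):
        cap = ctx.maximum_version
        # MAXIMUM_SUPPORTED is a negative sentinel, so exclude it before comparing.
        if cap != ssl.TLSVersion.MAXIMUM_SUPPORTED and cap < ssl.TLSVersion.TLSv1_3:
            return True
    flag = getattr(ssl, "OP_NO_TLSv1_3", 0)
    return bool(ctx.options & flag)


def middlebox_compat_enabled(ctx):
    """OpenSSL 1.1.1 sets OP_ENABLE_MIDDLEBOX_COMPAT by default; None if not exposed."""
    flag = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", None)
    if flag is None:
        return None
    return bool(ctx.options & flag)
```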

