[issue34669] test_ssl fails if SSLv2 is enabled

Benjamin Peterson report at bugs.python.org
Thu Sep 13 19:11:27 EDT 2018 

New submission from Benjamin Peterson <benjamin at python.org>:

I modified multissltests.py to enable-ssl2:

--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -275,7 +275,8 @@ class AbstractBuilder(object):
         cmd = [
             "./config",
             "shared", "--debug",
-            "--prefix={}".format(self.install_dir)
+            "--prefix={}".format(self.install_dir),
+            "enable-ssl2",
         ]
         env = os.environ.copy()

This results in some test_ssl failures, which all seem to have the same root cause:

$ Tools/ssl/multissltests.py  --openssl 1.0.2o
....
======================================================================
ERROR: test_constructor (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 965, in test_constructor
    ssl.SSLContext(protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 973, in test_protocol
    ctx = ssl.SSLContext(proto)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_session_stats (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 1320, in test_session_stats
    ctx = ssl.SSLContext(proto)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_echo (test.test_ssl.ThreadedTests) (protocol='PROTOCOL_SSLv2')
Basic test of an SSL client connecting to a server
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2569, in test_echo
    context = ssl.SSLContext(protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2960, in test_protocol_sslv2
    try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3026, in test_protocol_sslv3
    try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3043, in test_protocol_tlsv1
    try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3058, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

======================================================================
ERROR: test_protocol_tlsv1_2 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.2 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 3079, in test_protocol_tlsv1_2
    try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
  File "/home/benjamin/dev/python/cpython/Lib/test/test_ssl.py", line 2521, in try_protocol_combo
    client_context = ssl.SSLContext(client_protocol)
  File "/home/benjamin/dev/python/cpython/Lib/ssl.py", line 388, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [SSL: NO_CIPHER_MATCH] no cipher match (_ssl.c:3008)

----------------------------------------------------------------------

----------
assignee: christian.heimes
components: SSL
messages: 325304
nosy: benjamin.peterson, christian.heimes
priority: normal
severity: normal
status: open
title: test_ssl fails if SSLv2 is enabled
type: behavior
versions: Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34669>
_______________________________________

More information about the Python-bugs-list mailing list