granicus.if.org Git - python/commit

bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (GH-5663)

* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1245b9a798e49e0c1eb91f110935b69)

Co-authored-by: Christian Heimes <christian@python.org>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 27 Feb 2018 08:17:49 +0000 (00:17 -0800)
committer	GitHub <noreply@github.com>
	Tue, 27 Feb 2018 08:17:49 +0000 (00:17 -0800)
commit	2614ed4c6e4b32eafb683f2378ed20e87d42976d
tree	ed73cefdac78deb9c099329af514d90ee1ad3094	tree \| snapshot
parent	a93e3dc236279692eaf50b91d358da5983983b14	commit \| diff

Doc/library/ssl.rst		diff \| blob \| history
Doc/whatsnew/3.7.rst		diff \| blob \| history
Lib/test/test_asyncio/utils.py		diff \| blob \| history
Lib/test/test_ftplib.py		diff \| blob \| history
Lib/test/test_poplib.py		diff \| blob \| history
Lib/test/test_ssl.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2018-02-25-13-06-21.bpo-32947.mqStVW.rst	[new file with mode: 0644]	blob
Modules/_ssl.c		diff \| blob \| history
Tools/ssl/multissltests.py		diff \| blob \| history