{{ message }}
bpo-41561: Add workaround for Ubuntu's custom security level#24915
Merged
miss-islington merged 2 commits intoMar 18, 2021
Merged
bpo-41561: Add workaround for Ubuntu's custom security level#24915miss-islington merged 2 commits into
miss-islington merged 2 commits into
Conversation
Member
Sorry, something went wrong.
tiran
force-pushed
the
bpo-41561-ubuntu-ssl
branch
2 times, most recently
from
c5881ef to
23ee4b1
Compare
March 18, 2021 10:24
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: https://bugs.python.org/issue43382 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org>
tiran
force-pushed
the
bpo-41561-ubuntu-ssl
branch
from
23ee4b1 to
6a96b30
Compare
March 18, 2021 10:28
tiran
commented
Mar 18, 2021
brandtbucher
approved these changes
Mar 18, 2021
brandtbucher
left a comment
brandtbucher
left a comment
Member
There was a problem hiding this comment.
I know very little nothing about OpenSSL/TLS, but the rest looks good!
Sorry, something went wrong.
gpshead
approved these changes
Mar 18, 2021
Contributor
|
Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9. |
Sorry, something went wrong.
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Mar 18, 2021
…H-24915) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Mar 18, 2021
…H-24915) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
Contributor
|
Sorry, @tiran, I could not cleanly backport this to |
Sorry, something went wrong.
miss-islington
added a commit
that referenced
this pull request
Mar 18, 2021
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
miss-islington
added a commit
that referenced
this pull request
Mar 18, 2021
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
tiran
added a commit
to tiran/cpython
that referenced
this pull request
Mar 18, 2021
…ythonGH-24915) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
jab
added a commit
to jab/cpython
that referenced
this pull request
Mar 20, 2021
* master: (129 commits) bpo-43452: Micro-optimizations to PyType_Lookup (pythonGH-24804) bpo-43517: Fix false positive in detection of circular imports (python#24895) bpo-43494: Make some minor changes to lnotab notes (pythonGH-24861) Mention that code.co_lnotab is deprecated in what's new for 3.10. (python#24902) bpo-43244: Remove symtable.h header file (pythonGH-24910) bpo-43466: Add --with-openssl-rpath configure option (pythonGH-24820) Fix a typo in c-analyzer (pythonGH-24468) bpo-41561: Add workaround for Ubuntu's custom security level (pythonGH-24915) bpo-43521: Allow ast.unparse with empty sets and NaN (pythonGH-24897) bpo-43244: Remove the PyAST_Validate() function (pythonGH-24911) bpo-43541: Fix PyEval_EvalCodeEx() regression (pythonGH-24918) bpo-43244: Fix test_peg_generators on Windows (pythonGH-24913) bpo-39342: Expose X509_V_FLAG_ALLOW_PROXY_CERTS in ssl module (pythonGH-18011) bpo-43244: Fix test_peg_generator for PyAST_Validate() (pythonGH-24912) bpo-42128: Add 'missing :' syntax error message to match statements (pythonGH-24733) bpo-43244: Add pycore_ast.h header file (pythonGH-24908) bpo-43244: Rename pycore_ast.h to pycore_ast_state.h (pythonGH-24907) Remove unnecessary imports in the grammar parser (pythonGH-24904) bpo-35883: Py_DecodeLocale() escapes invalid Unicode characters (pythonGH-24843) Add PEP 626 to what's new in 3.10. (python#24892) ...
ned-deily
pushed a commit
that referenced
this pull request
May 3, 2021
…H-24915) (GH-24928) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reviewers
Assignees
6 participants
This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.
See: https://bugs.python.org/issue43382
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue41561
Automerge-Triggered-By: GH:tiran