[3.7] bpo-41561: Add workaround for Ubuntu's custom security level (GH-24915) by tiran · Pull Request #24928 · python/cpython
Conversation
Member
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.
See:
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes christian@python.org.
(cherry picked from commit f6c6b58)
Co-authored-by: Christian Heimes christian@python.org
…ythonGH-24915) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit f6c6b58) Co-authored-by: Christian Heimes <christian@python.org>
Member
@tiran Technically, this change does not seem to meet the criteria for a release in its security-fix-only phase. But it seems reasonable enough to simplify CI issues etc. If we allow it for 3.7, then what about for 3.6 which is also still in its security-fix-only phase?
tiran
commented
Apr 17, 2021
tiran commented
Member Author
@ned-deily yeah, it makes sense to backport the workaround to 3.6, too.
ned-deily
commented
May 3, 2021
ned-deily commented
Member
Looking more closely at this, it does not backport cleanly to 3.6 and I don't think it's worth the effort.
64be96a
into
python:3.7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
4 participants
