[Python-Dev] OpenSSL 1.1.1 fixes merged into Python 2.7

Victor Stinner vstinner at redhat.com
Fri Feb 15 12:51:58 EST 2019 

Hi,

I reviewed and merged pull requests written by my colleague
Charalampos Stratakis to backport OpenSSL 1.1.1 fixes into the future
Python 2.7.16. Benjamin Peterson (Python 2.7 release manager) wrote
me: "I would very much like to see 1.1.1 support in a Python 2.7
release." These changes are backports of Python 3.6 changes written by
Christian Heimes.

With these changes, Python 2.7 becomes more secure and should be
closer to Python 3.6 security.

I apologize for merging these changes late in 2.7.16 devcycle, but we
were very busy with higher priority issues :-( I hope that 2.7.16
release candidate will provide enough time to test properly these
changes (and fix regressions if any).

So far, I'm only aware of one issue on one specific buildbot worker,
but I'm not sure that the test failures are regressions caused by
merged ssl changes (the worker was offline for 1 month for an unknown
reason):
https://bugs.python.org/issue33570

Summary of the ssl changes:

(*) ssl.SSLContext is now created with secure default values. The
options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for
PROTOCOL_SSLv2), OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by
default. The initial cipher suite list contains only "HIGH" ciphers,
no "NULL" ciphers and no "MD5" ciphers (except for PROTOCOL_SSLv2).

(*) OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The
suites cannot be disabled with SSLContext.set_ciphers().

(*) Add a new ssl.OP_ENABLE_MIDDLEBOX_COMPAT constant

(*) Tools/ssl/multissltests.py has been updated for OpenSSL 1.1.1.


I merged 4 changes into 2.7:

commit c49f63c1761ce03df7850b9e0b31a18c432dac64
Author: stratakis <cstratak at redhat.com>
Date:   Fri Feb 15 14:17:12 2019 +0100

    [2.7] bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
(GH-8760) (GH-10607)

    Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
    1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
    default.

    Also update multissltests to test with latest OpenSSL.

    Signed-off-by: Christian Heimes <christian at python.org>.
    (cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71)
    Co-authored-by: Christian Heimes <christian at python.org>

commit b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059
Author: stratakis <cstratak at redhat.com>
Date:   Fri Feb 15 15:24:11 2019 +0100

    [2.7] bpo-28043: improved default settings for SSLContext (GH-10608)

    The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
    OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
    for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
    are set by default. The initial cipher suite list contains only
    HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).

    (cherry picked from commit 358cfd426ccc0fcd6a7940d306602138e76420ae)

commit 28eb87f4f558952f259fada7be1ab5b31b8a91ef (upstream/2.7, 2.7)
Author: stratakis <cstratak at redhat.com>
Date:   Fri Feb 15 17:18:58 2019 +0100

    Fixup from test_ssl test_default_ecdh_curve (GH-11877)

    Partial backport from cb5b68abdeb1b1d56c581d5b4d647018703d61e3

    Co-authored-by: Christian Heimes <christian at python.org>

commit 2149a9ad7a9d39d7d680ec0fb602042c91057484 (HEAD -> 2.7, upstream/2.7)
Author: stratakis <cstratak at redhat.com>
Date:   Fri Feb 15 18:27:44 2019 +0100

    [2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)

    Backport of TLS 1.3 related fixes from 3.7.

    Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
    master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
    default. Some test cases only apply to TLS 1.2.

    OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
    1.3. The feature is enabled by default for maximum compatibility with
    broken middle boxes. Users should be able to disable the hack and
CPython's test suite needs
    it to verify default options

    Signed-off-by: Christian Heimes <christian at python.org>
    (cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826)


And there is a minor multissltests update that's going will be merged as well:
https://github.com/python/cpython/pull/11879

Victor
-- 
Night gathers, and now my watch begins. It shall not end until my death.

More information about the Python-Dev mailing list