[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures
Larry Hastings
report at bugs.python.org
Wed Jul 1 10:35:46 EDT 2020
New submission from Larry Hastings <larry at hastings.org>:
I'm testing 3.5.10rc1 on a freshly installed Linux (Pop!_OS 20.04), and I'm getting a lot of these test failures:
ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)
Apparently the 2048 keys used in the tests are considered "too small" with brand-new builds of the SSL library.
Christian: you upgraded the test suite keys to 3072 bits back in 2018 (issue #34542), but didn't backport this as far as 3.5 because it was in security-fixes-only mode. I experimented with taking your patch to 3.6 and applying it to 3.5, but 80% of the patches didn't apply cleanly. Could you either backport this upgrade to 3.5 (I'll happily accept the PR), or advise me on how to otherwise mitigate the problem? I don't really want to turn off all those tests. Thanks!
----------
assignee: christian.heimes
components: Tests
messages: 372755
nosy: christian.heimes, larry
priority: high
severity: normal
stage: needs patch
status: open
title: Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures
type: crash
versions: Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41183>
_______________________________________
More information about the Python-bugs-list
mailing list