[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures
Christian Heimes
report at bugs.python.org
Thu Jul 2 04:02:25 EDT 2020
Christian Heimes <lists at cheimes.de> added the comment:
test_ssl_36_branch just contains "1 test failed: test_ssl". Could you please attach a verbose run?
The problems are caused by security policy. We had similar issues in Fedora.
- Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security
level. Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions
below 1.2 and update documentation. Previous default of 1, can be set
by calling SSL_CTX_set_security_level(), SSL_set_security_level() or
using ':@SECLEVEL=1' CipherString value in openssl.cfg.
I can fix "SSL: DH_KEY_TOO_SMALL" in another PR. The other issues are harder to fix.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41183>
_______________________________________
More information about the Python-bugs-list
mailing list