Barry A. Warsaw <ba...@python.org> added the comment: On Oct 25, 2011, at 09:56 AM, Antoine Pitrou wrote:
> >Antoine Pitrou <pit...@free.fr> added the comment: > >> It looks like it's been this way for a long time too. > >But tests have always passed here using OpenSSL 1.0.0. Right, sorry, what I meant was this particular behavior (switching to SSLv3 client hello when SSLv2 is disabled) appears to have been in upstream openssl since about 2005. What's changed recently is that instead of patching openssl to disable SSLv2 (and thereby not triggering the client hello switch), Debian has started to use the no-ssl Configure option, which is what probably started allowing this test to unexpectedly succeed. >> It's probably too difficult, and not really Python's responsibility, >> to determine whether SSL_OP_NO_SSLv2 is set. > >See http://docs.python.org/dev/library/ssl.html#ssl.SSLContext.options Interesting, thanks for the pointer. >> Rather, I think the test is simply bogus and should be disabled or >> removed. > >I think it would be good to keep a simplified/minimal (and, of course, >working :-)) version of these tests. >Patches welcome, anyway. I can't really test with Debian's OpenSSL. I'll work up a patch. -Barry ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13218> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
