Charalampos Stratakis <cstra...@redhat.com> added the comment:
It seems I can reproduce it on Fedora as well by setting stronger crypto defaults through 'update-crypto-policies --set FUTURE'. Repo located here: https://gitlab.com/redhat-crypto/fedora-crypto-policies/tree/master The changes are many, but if I compare with RHEL8, the minimal changes that could affect it are: -# DH params size: >= 1023 +# DH params size: >= 2048 -# TLS protocols: TLS >= 1.0 +# TLS protocols: TLS >= 1.2, DTLS >= 1.2 -@protocol_list = ('TLS1.3', 'TLS1.2', 'TLS1.1', 'TLS1.0', 'DTLS1.2', 'DTLS1.0'); +@protocol_list = ('TLS1.3', 'TLS1.2', 'DTLS1.2'); - $min_tls_version = 'TLS1.0'; - min_dtls_version = 'DTLS1.0'; + $min_tls_version = 'TLS1.2'; + $min_dtls_version = 'DTLS1.2'; # Parameter sizes - $min_dh_size = 1023; + $min_dh_size = 2048; ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35352> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
