This is really just a problem with Ubuntu 20.04 and 20.10 (and maybe older/newer releases). The same tests are passing fine on latest Debian testing as well as Fedora. Debian testing and Fedora use a crypto policy that raises security level to 2 and disallows TLS 1.0 and 1.1. Python's test suite introspects OpenSSL settings and skips tests of disabled TLS versions.
There seems to be a major difference between Debian and Ubuntu's downstream patches of OpenSSL. Ubuntu's patch causes two problems 1) Python cannot figure out that TLS 1.0 and 1.1 are disabled on Ubuntu. The same code works fine on Debian and Fedora. 2) With some configuration, OpenSSL's SSL_do_handshake() function fails with an "internal error" message (SSL_AD_INTERNAL_ERROR / TLS1_AD_INTERNAL_ERROR) somewhere in its internal state machine. I suggest that you involve Kurt and look at the difference between Debian's downstream patch and Ubuntu's downstream patch. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1899878 Title: Python's test_ssl fails starting from Ubuntu 20.04 Status in openssl package in Ubuntu: Incomplete Bug description: Please take a look at https://bugs.python.org/issue41561. Developers who work on Python think that the issue is due to a change in Ubuntu 20.04 that is best described by https://bugs.python.org/issue41561#msg378089: "It sounds like a Debian/Ubuntu patch is breaking an assumption. Did somebody report the bug with Debian/Ubuntu maintainers of OpenSSL already? Fedora also configures OpenSSL with minimum protocol version of TLS 1.2. The distribution does it in a slightly different way that makes the restriction discoverable and that is compatible with Python's test suite." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
