Tomas Hozza
2018-08-10 12:51:09 UTC
In Fedora, we are implementing crypto policies, in order to enhance the
security of user systems. This is done on the system level by global
configuration. It may happen that due to the active policy, only
TLSv1.2 or higher will be available in crypto libraries. While wget as
a client will by default determine the minimal TLS version supported by
both client and server, the HTTPS server implementation in testenv/
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
case a more hardened crypto policy is set on the Fedora system.
This change removes the explicit TLS version setting and leaves the
determination of the minimal supported TLS version to the server and
client.
More information about the Fedora change can be found here:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Signed-off-by: Tomas Hozza <***@redhat.com>
---
testenv/server/http/http_server.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
index 434666dd..6d8fc9e8 100644
--- a/testenv/server/http/http_server.py
+++ b/testenv/server/http/http_server.py
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
'server-key.pem'))
self.socket = ssl.wrap_socket(
sock=socket.socket(self.address_family, self.socket_type),
- ssl_version=ssl.PROTOCOL_TLSv1,
certfile=CERTFILE,
keyfile=KEYFILE,
server_side=True
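Review bot: The ssl.wrap_socket(...) call in HTTPSServer now depends on the ssl module's default for ssl_version, and nothing in the code says that this is deliberate. A short comment above the call, stating that the protocol version is intentionally left to the library defaults and the system crypto policy, would keep someone from re-adding a pin such as ssl_version=ssl.PROTOCOL_TLSv1 later. Separately, ssl.wrap_socket is deprecated as of Python 3.7; building an ssl.SSLContext with ssl.PROTOCOL_TLS_SERVER, calling load_cert_chain(CERTFILE, KEYFILE) on it and then using its wrap_socket(..., server_side=True) would keep version negotiation automatic without the deprecated call.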
--
2.17.1