[3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)

TLS 1.3 behaves slightly differently than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initial handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525fb5a)
Miss Islington (bot) 2018-05-23 13:49:04 -07:00 committed by Christian Heimes
parent 508d7693bc
commit 72ef4fc32b
9 changed files with 142 additions and 46 deletions

@ -74,8 +74,6 @@ def simple_server_sslcontext():
server_context.load_cert_chain(ONLYCERT, ONLYKEY)
server_context.check_hostname = False
server_context.verify_mode = ssl.CERT_NONE
# TODO: fix TLSv1.3 support
server_context.options |= ssl.OP_NO_TLSv1_3
return server_context
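
Review bot: with `server_context.options |= ssl.OP_NO_TLSv1_3` and its TODO dropped from simple_server_sslcontext() (the two lines the 8-to-6 count in the hunk header accounts for), nothing in the helper tells callers that this server context can now negotiate TLS 1.3. The commit message states that session tickets and client cert auth are then handled after the initial handshake and that tests must either send/recv data or ignore ConnectionResetError / BrokenPipeError on the server side. A one-line comment or docstring in this helper stating that requirement would keep later tests built on it from reintroducing the flaky resets. It would also help to note that the helper deliberately keeps `check_hostname = False` and `verify_mode = ssl.CERT_NONE`, so the client-cert part of that behaviour does not apply to this context.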