Skip to content

bpo-33618: Enable TLS 1.3 in tests#7079

Merged
tiran merged 1 commit intopython:masterfrom
tiran:tls13-misc
May 23, 2018
Merged

bpo-33618: Enable TLS 1.3 in tests#7079
tiran merged 1 commit intopython:masterfrom
tiran:tls13-misc

Conversation

@tiran
Copy link
Member

@tiran tiran commented May 23, 2018
edited by bedevere-bot
Loading

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes [email protected]

https://bugs.python.org/issue33618

@tiran tiran requested review from a team, 1st1 and asvetlov as code owners May 23, 2018 18:13
@tiran tiran force-pushed the tls13-misc branch 2 times, most recently from 637d0fd to 847ccd9 Compare May 23, 2018 18:35
elprans
elprans reviewed May 23, 2018
View reviewed changes
Doc/library/ssl.rst Outdated
Copy link
Contributor

@elprans elprans May 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sent

@tiran
bpo-33618: Enable TLS 1.3 in tests
a526cc7 
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <[email protected]>
@tiran
Copy link
Member Author

tiran commented May 23, 2018

Thanks Elvis, I fixed the typo.

@tiran tiran merged commit 529525f into python:master May 23, 2018
@miss-islington
Copy link
Contributor

miss-islington commented May 23, 2018

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 23, 2018
@tiran @miss-islington
bpo-33618: Enable TLS 1.3 in tests (pythonGH-7079)
8e35291 
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <[email protected]>
(cherry picked from commit 529525f)

Co-authored-by: Christian Heimes <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented May 23, 2018

GH-7082 is a backport of this pull request to the 3.7 branch.

@miss-islington
Copy link
Contributor

miss-islington commented May 23, 2018

Sorry, @tiran, I could not cleanly backport this to 3.6 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 529525fb5a8fd9b96ab4021311a598c77588b918 3.6

@miss-islington
Copy link
Contributor

miss-islington commented May 23, 2018

Sorry, @tiran, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 529525fb5a8fd9b96ab4021311a598c77588b918 2.7

@tiran tiran deleted the tls13-misc branch May 23, 2018 20:27
tiran pushed a commit that referenced this pull request May 23, 2018
@miss-islington @tiran
[3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)
72ef4fc 
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <[email protected]>
(cherry picked from commit 529525f)
@stratakis
Copy link
Contributor

stratakis commented Nov 7, 2018
edited
Loading

The relevant fixes seem to have been backported for the 3.6 branch at #8760 . Could it be verified and have the respective label removed?

@duaneg duaneg mentioned this pull request Jun 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@1st1 1st1 Awaiting requested review from 1st1

@asvetlov asvetlov Awaiting requested review from asvetlov

1 more reviewer

@elprans elprans elprans left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@tiran tiran

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@tiran @miss-islington @bedevere-bot @stratakis @elprans @the-knights-who-say-ni