Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code #94312

Merged
merged 1 commit into from
Jun 28, 2022
Merged

gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code #94312

merged 1 commit into from
Jun 28, 2022

Conversation

vstinner
Copy link
Member

@vstinner vstinner commented Jun 26, 2022

Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".

Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
@vstinner
Copy link
Member Author

vstinner added the skip news label now

The only effect for end users is the removal of the documentation. The ssl.PROTOCOL_SSLv2 constant was already removed in Python 3.10.

@vstinner
Copy link
Member Author

On Fedora 36, OPENSSL_NO_SSL3 is defined by /usr/include/openssl/configuration-x86_64.h. This file is documented as:

OpenSSL was configured with the following options

It seems like disabling SSLv3 is still a configuration option in OpenSSL 3.0.3.

For me, it's not obvious that Python no longer supports SSLv3. It seems to depend if SSLv3 was disabled in OpenSSL configuration (when OpenSSL was built).

Python ssl.SSLContext() sets SSL_OP_NO_SSLv3 option, unless protocol=PY_SSL_VERSION_SSL3.

@vstinner
Copy link
Member Author

cc @tiran

@vstinner vstinner merged commit 600c65c into python:main Jun 28, 2022
@vstinner vstinner deleted the ssl_v2 branch June 28, 2022 11:57
@vstinner
Copy link
Member Author

Follow-up: issue #94377 "ssl: Drop support for unsafe SSLv3 protocol, remove ssl.PROTOCOL_SSLv3".

gvanrossum pushed a commit to gvanrossum/cpython that referenced this pull request Jun 30, 2022
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants