Skip to content

gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code #94312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 28, 2022
Merged

gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code #94312

merged 1 commit into from
Jun 28, 2022

Conversation

vstinner
Copy link
Member

@vstinner vstinner commented Jun 26, 2022
edited by bedevere-bot
Loading

Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".

@vstinner
gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code
204e41e 
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
@vstinner vstinner marked this pull request as ready for review June 26, 2022 23:37
@vstinner vstinner mentioned this pull request Jun 26, 2022
Merged
@vstinner
Copy link
Member Author

vstinner added the skip news label now

The only effect for end users is the removal of the documentation. The ssl.PROTOCOL_SSLv2 constant was already removed in Python 3.10.

@vstinner
Copy link
Member Author

On Fedora 36, OPENSSL_NO_SSL3 is defined by /usr/include/openssl/configuration-x86_64.h. This file is documented as:

OpenSSL was configured with the following options

It seems like disabling SSLv3 is still a configuration option in OpenSSL 3.0.3.

For me, it's not obvious that Python no longer supports SSLv3. It seems to depend if SSLv3 was disabled in OpenSSL configuration (when OpenSSL was built).

Python ssl.SSLContext() sets SSL_OP_NO_SSLv3 option, unless protocol=PY_SSL_VERSION_SSL3.

@vstinner
Copy link
Member Author

cc @tiran

@vstinner vstinner merged commit 600c65c into python:main Jun 28, 2022
@vstinner vstinner deleted the ssl_v2 branch June 28, 2022 11:57
@vstinner
Copy link
Member Author

Follow-up: issue #94377 "ssl: Drop support for unsafe SSLv3 protocol, remove ssl.PROTOCOL_SSLv3".

@vstinner vstinner mentioned this pull request Jun 28, 2022
Closed
gvanrossum pushed a commit to gvanrossum/cpython that referenced this pull request Jun 30, 2022
@vstinner @gvanrossum
pythongh-94172: Remove ssl.PROTOCOL_SSLv2 dead code (python#94312)
8e1bce0 
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

skip news

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vstinner @bedevere-bot