From 8990d706da3e32b12debd9b8dea7b42134631770 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 10 Aug 2018 14:32:13 +0200
Subject: [PATCH] Don't limit the test suite HTTPS server to TLSv1
In Fedora, we are implementing crypto policies, in order to enhance the
security of user systems. This is done on the system level by global
configuration. It may happen that due to the active policy, only
TLSv1.2 or higher will be available in crypto libraries. While wget as
a client will by default determine the minimal TLS version supported by
both client and server, the HTTPS server implementation in testenv/
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
case a more hardened crypto policy is set on the Fedora system.
This change removes the explicit TLS version setting and leaves the
determination of the minimal supported TLS version on the server and
client.
More information about the Fedora change can be found here:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/server/http/http_server.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
index 434666dd..6d8fc9e8 100644
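--- a/testenv/server/http/http_server.py
+++ b/testenv/server/http/http_server.py
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
 'server-key.pem'))
 self.socket = ssl.wrap_socket(
 sock=socket.socket(self.address_family, self.socket_type),
- ssl_version=ssl.PROTOCOL_TLSv1,
 certfile=CERTFILE,
 keyfile=KEYFILE,
 server_side=True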
--
2.17.1