From 8990d706da3e32b12debd9b8dea7b42134631770 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 10 Aug 2018 14:32:13 +0200
Subject: [PATCH] Don't limit the test suite HTTPS server to TLSv1
In Fedora, we are implementing crypto policies, in order to enhance the
security of user systems. This is done on the system level by global
configuration. It may happen that due to the active policy, only
TLSv1.2 or higher will be available in crypto libraries. While wget as
a client will by default determine the minimal TLS version supported by
both client and server, the HTTPS server implementation in testenv/
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
case a more hardened crypto policy is set on the Fedora system.
This change removes the explicit TLS version setting and leaves the
determination of the minimal supported TLS version to the server and
client.
More information about Fedora change can be found here:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/server/http/http_server.py | 1 -
1 file changed, 1 deletion(-)
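diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
index 434666dd..6d8fc9e8 100644
--- a/testenv/server/http/http_server.py
+++ b/testenv/server/http/http_server.py
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
 'server-key.pem'))
 self.socket = ssl.wrap_socket(
 sock=socket.socket(self.address_family, self.socket_type),
- ssl_version=ssl.PROTOCOL_TLSv1,
 certfile=CERTFILE,
 keyfile=KEYFILE,
 server_side=True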
--
2.17.1