Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#73549 - [python] Allow using system-wide openssl config instead of the hardcoded Python's list of ciphers
Attached to Project:
Arch Linux
Opened by Michał Sałaban (emesik) - Saturday, 29 January 2022, 16:37 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 29 January 2022, 17:01 GMT
Opened by Michał Sałaban (emesik) - Saturday, 29 January 2022, 16:37 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 29 January 2022, 17:01 GMT
|
DetailsSince Python 3.10 there's a hardcoded default list of openssl ciphers specified when initializing the SSL/TLS layer.
By adding `--with-ssl-default-suites=openssl` option to the `./configure` script, it allows Python to use the system-wide OpenSSL configuration, which is much more convenient. Especially regarding to SECLEVEL setting and problems reported by users, like: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level The solution described above doesn't work in Arch because of hardcoded list of capabilities. |
This task depends upon
Comment by Kai (halan) -
Thursday, 03 March 2022, 23:54 GMT
What was the rationale for adding this hardcoded list? This seems quite dangerous as increasing the systems-wide security level will not affect any python applications.
Comment by loqs (loqs) -
Friday, 04 March 2022, 00:16 GMT
@halan https://bugs.python.org/issue43998