Allow CPython test to handle TLS libraries lacking FFDHE ciphersuites #131050
Labels
Comments
|
cc @picnixz as a cryptography expert. |
4 tasks
picnixz
added a commit
that referenced
this issue
Mar 29, 2025
…uites (#131051) Co-authored-by: Bénédikt Tran <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Mar 29, 2025
…iphersuites (pythonGH-131051) (cherry picked from commit be2d218) Co-authored-by: Will Childs-Klein <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Mar 29, 2025
…iphersuites (pythonGH-131051) (cherry picked from commit be2d218) Co-authored-by: Will Childs-Klein <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
picnixz
added a commit
that referenced
this issue
Mar 29, 2025
…ciphersuites (GH-131051) (#131875) gh-131050: skip `test_dh_params` when TLS library lacks FFDHE ciphersuites (GH-131051) (cherry picked from commit be2d218) Co-authored-by: Will Childs-Klein <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
picnixz
added a commit
that referenced
this issue
Mar 29, 2025
…ciphersuites (GH-131051) (#131874) gh-131050: skip `test_dh_params` when TLS library lacks FFDHE ciphersuites (GH-131051) (cherry picked from commit be2d218) Co-authored-by: Will Childs-Klein <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
|
Thanks for the report & patch |
seehwan
pushed a commit
to seehwan/cpython
that referenced
this issue
Apr 16, 2025
…iphersuites (python#131051) Co-authored-by: Bénédikt Tran <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature or enhancement
Proposal:
Some cryptography TLS libraries, such as AWS-LC and BoringSSL, lack support for "finite field" ephemeral Diffie-Hellman (FFDHE) TLS ciphersuites. This causes failure
test_ssl.ThreadedTests.test_dh_paramswhen CPython is build against such libraries, as that test case assumes ciphersuite support of FFDHE. This issue proposes modifyingtest_dh_paramsto skip itself if the underlying TLS library does not support FFDHE.Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
This issue is very similar to a series of other test modifications discussed in
https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/13
Linked PRs
test_dh_paramswhen TLS library lacks FFDHE ciphersuites (GH-131051) #131874test_dh_paramswhen TLS library lacks FFDHE ciphersuites (GH-131051) #131875The text was updated successfully, but these errors were encountered: