Hey, this issue will be fixed in OpenSSL 1.1.1 with an SSL_OP_NO_ENCRYPT_THEN_MAC option and I can work around it in OpenSSL 1.1.0 by forcing the use of a stream cipher.
I'm currently calling set_ciphers('AESGCM:AESCCM:CHACHA20:!aNULL') on
the SSLContext. That requires the server to support any of them, of
course (works for me so far), so I still don't think linking libpython
to OpenSSL 1.1.0 is a good idea in general.
Regards
