Hi, AFAIU the crux of the issue is that the behaviour on Ubuntu differs from upstream and is not programmatically discoverable.
OpenSSL 3.2 (which is not released yet and will most likely not be used in Ubuntu 24.04) switches to seclevel 2 and also has a different meaning for it. It's (almost?) completely in line with what Ubuntu does.

The story is actually a bit more complicated because upstream wanted to change this before 3.2 (not sure anymore if that was planned for 3.1 or 3.0) and some changes happened but not others, and it's difficult to track that now.

Considering this bug is more than two years old and considering where we're heading, I think I'm going to mark this bug as won't fix. Ubuntu will continue to use 3.0 until the next openssl LTS release and the behavior is not expected to change. When the next openssl LTS release happens, Ubuntu will start using it soon after and the meaning of seclevel should be unchanged from upstream again (no guarantee though since I don't control openssl upstream).

The function mentioned by Dimitry also looks interesting if something finer-grained is needed.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1899878

Title:
  Python's test_ssl fails starting from Ubuntu 20.04

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Please take a look at https://bugs.python.org/issue41561. Developers who work on Python think that the issue is due to a change in Ubuntu 20.04 that is best described by https://bugs.python.org/issue41561#msg378089:

  "It sounds like a Debian/Ubuntu patch is breaking an assumption. Did somebody report the bug with Debian/Ubuntu maintainers of OpenSSL already? Fedora also configures OpenSSL with minimum protocol version of TLS 1.2. The distribution does it in a slightly different way that makes the restriction discoverable and that is compatible with Python's test suite."