Public bug reported: python-eventlet=0.18.4-1ubuntu1 (xenial) is applying the d/p/set- defaults-to-be-tlsv1-not-sslv23.patch to set defaults to be tlsv1 not sslv23
This will prevent xenial users from using tlsv1_1 and tlsv1_2, so I think we should set defaults to be sslv23 not tlsv1. python-eventlet=0.19.0-2 started to the same thing as well, but can xenial users also enjoy these benefits? BTW, xenial uses openssl=1.0.2g-1ubuntu4.17, so according to the page [2] after openssl 1.0.0 an SSLv23 client would not attempt SSLv2 connections so it just brings tlsv1_0, tlsv1_1 and tlsv1_2, it's more convenient and safer than just having tlsv1_0. and the upstream is also using sslv23 as well [3]. [1] https://launchpad.net/ubuntu/+source/python-eventlet/0.19.0-2 [2] https://docs.python.org/2/library/ssl.html#socket-creation [3] https://github.com/eventlet/eventlet/blob/v0.18.4/eventlet/green/ssl.py#L51 ** Affects: python-eventlet (Ubuntu) Importance: Undecided Status: New ** Affects: python-eventlet (Ubuntu Xenial) Importance: Undecided Status: New ** Tags: sts ** Tags added: sts ** Description changed: python-eventlet=0.18.4-1ubuntu1 (xenial) is applying the d/p/set- defaults-to-be-tlsv1-not-sslv23.patch to set defaults to be tlsv1 not sslv23 This will prevent xenial users from using tlsv1_1 and tlsv1_2, so I think we should set defaults to be sslv23 not tlsv1. python-eventlet=0.19.0-2 started to the same thing as well, but can xenial users also enjoy these benefits? BTW, xenial uses openssl=1.0.2g-1ubuntu4.17, so according to the page [2] after openssl 1.0.0 an SSLv23 client would not attempt SSLv2 connections so it just brings tlsv1_0, tlsv1_1 and tlsv1_2, it's more - convenient and safer than just having tlsv1_0 + convenient and safer than just having tlsv1_0. and the upstream is also + using sslv23 as well [3]. [1] https://launchpad.net/ubuntu/+source/python-eventlet/0.19.0-2 [2] https://docs.python.org/2/library/ssl.html#socket-creation + [3] https://github.com/eventlet/eventlet/blob/v0.18.4/eventlet/green/ssl.py#L51 ** Also affects: python-eventlet (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1904988 Title: set defaults to be sslv23 not tlsv1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-eventlet/+bug/1904988/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
