Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecate negotiating TLSv1 and TLSv1.1 by default #2002

Merged
merged 3 commits into from Oct 7, 2020

Conversation

sethmlarson
Copy link
Member

Closes #1990

@pquentin
Copy link
Member

The approach looks good, thanks! This breaks other tests, though, we'd have to fix that first

@sethmlarson
Copy link
Member Author

@pquentin Yeah I couldn't run the TLS<1.2 tests on my local machine because Ubuntu disables it via OpenSSL config now (:tada:) and upon seeing how many failures there were threw my hands up and said "another time!" :)

@codecov
Copy link

codecov bot commented Oct 2, 2020

Codecov Report

❗ No coverage uploaded for pull request base (master@6d38f17). Click here to learn what that means.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #2002   +/-   ##
=========================================
  Coverage          ?   99.86%           
=========================================
  Files             ?       25           
  Lines             ?     2294           
  Branches          ?        0           
=========================================
  Hits              ?     2291           
  Misses            ?        3           
  Partials          ?        0           
Impacted Files Coverage Δ
src/urllib3/connection.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6d38f17...0803f6a. Read the comment docs.

@sethmlarson
Copy link
Member Author

@pquentin Ready for a review now that tests are passing. The macOS 3.8 failure is strange, I'm not seeing any logs?

@pquentin
Copy link
Member

pquentin commented Oct 2, 2020

If you click on "View raw logs", you can see that the failure is test_timeout_errors_cause_retries. Most of the flaky tests left are actually socket-level, and I don't know how to fix them properly yet. I'll re-run the tests.

The new warning makes running the TLS 1.0 and 1.1 tests quite noisy, is there a way to not display them in pytest?

@sethmlarson
Copy link
Member Author

Hmm that's true, we can potentially set ssl_version=... on them so it doesn't trigger the warning?

@pquentin
Copy link
Member

pquentin commented Oct 2, 2020

Yeah, if that sounds good to me if it's easy to do. (Sorry, haven't read the actual diff for now, I'm fighting with CI instead!)

Closing/reopening to rerun due to another socketlevel flaky test. (Tests are way more flaky when the US workday starts!)

@pquentin pquentin closed this Oct 2, 2020
@pquentin pquentin reopened this Oct 2, 2020
pquentin
pquentin previously approved these changes Oct 2, 2020
Copy link
Member

@pquentin pquentin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! This looks good, though I'd like to see what can be done to reduce the warnings shown when running tests.

@sethmlarson
Copy link
Member Author

@pquentin Yeah we might have to live with the noisiness for now, any other work-around is pretty painful. We'll get away from it after v2 though!

This was referenced Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[v1.26] Deprecate TLS <1.2 on v1.26.x
2 participants