mirror of
https://github.com/scylladb/scylladb.git
synced 2026-06-03 21:47:10 +00:00
a9b383f423
The existing test_ssl.py which tests for Scylla's support of various TLS and SSL versions, used a deprecated and misleading Python API for choosing the protocol version. In particular, the protocol version ssl.PROTOCOL_SSLv23 is *not*, despite it's name, SSL versions 2 or 3, or SSL at all - it is in fact an alias for the latest TLS version :-( This misunderstanding led us to open the incorrect issue #8837. So in this patch, we avoid the old Python APIs for choosing protocols, which were gradually deprecated, and switch to the new API introduced in Python 3.7 and OpenSSL 1.1.0g - supplying the minimum and maximum desired protocol version. With this new API, we can correctly connect with various versions of the SSL and TLS protocol - between SSLv3 through TLSv1.3. With the fixed test, we confirm that Scylla does *not* allow SSLv3 - as desired - so issue #8837 is a non-issue. Moreover, after issue #8827 was already fixed, this test now passes, so the "xfail" mark is removed. Refs #8837. Refs #8827. Signed-off-by: Nadav Har'El <nyh@scylladb.com> Message-Id: <20210617134305.173034-1-nyh@scylladb.com>