[Python-modules-team] Bug#907807: After upgrading to OpenSSL 1.1.1, many sites are unreachable

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Sat Sep 29 18:07:18 BST 2018


On 2018-09-05 10:30:23 [-0400], Antoine Beaupré wrote:
> Control: block 907807 by 907015
> 
> On 2018-09-05 15:53:46, Vincent Bernat wrote:
> >  ❦  5 September 2018 09:30 -0400, Antoine Beaupré <anarcat at orangeseeds.org>:
> >
> >> So I've forwarded the bug upstream to see if we can get a hint there. I
> >> originally thought this was a 1.1 transition problem, but as it turns
> >> out, linkchecker loads those sites fine in buster, which still has
> >> 1.1.0.
> >
> > It's 1.1.1 which comes with more strict checks on everything. I think
> > there is a metabug about this:
> >  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907015
> 
> I see. So I guess this blocks that then, adding to the pile.

but why?

| - ones without SNI

huh. If linkchecker is lacking SNI support then please add this to
linkchecker. Once this is done, I can add a versioned break to libssl.
Otherwise I don't understand.

| - ones with DH parameters too small
| - ones using TLS 1.0
| - ones still using SHA1 for the signature (get.adobe.com)

This is a limitation of the remote site. You can either get the remote
site to fix it (TLS1.0 in 2018, srsly?) or override the default openssl
policy (please consider this as the last resort).

> A.

Sebastian
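
An added example (not part of the original message, and not linkchecker or OpenSSL code): a Python helper that sorts handshake failures seen under the OpenSSL 1.1.1 defaults into the categories quoted in the message, and reports whether the client or the remote site has to change. The reason-token mapping, the function names, and the sample error strings with their `.example` hosts are constructed assumptions.

```python
import re
import socket
import ssl

# Reason token in Python's ssl.SSLError text -> (category from the message, who acts).
# This token-to-category mapping is an assumption of the example.
CAUSES = {
    "DH_KEY_TOO_SMALL": ("DH parameters too small", "remote"),
    "UNSUPPORTED_PROTOCOL": ("old protocol only, e.g. TLS 1.0", "remote"),
    "WRONG_SIGNATURE_TYPE": ("SHA1 used for the signature", "remote"),
    "TLSV1_UNRECOGNIZED_NAME": ("SNI missing or not recognised", "client"),
}
_TOKEN = re.compile(r"\[SSL: ([A-Z0-9_]+)\]")

def classify(error_text):
    """Return (reason, category, owner) for one handshake error string."""
    match = _TOKEN.search(error_text)
    reason = match.group(1) if match else None
    category, owner = CAUSES.get(reason, ("not one of the listed categories", "unknown"))
    return reason, category, owner

def probe(host, port=443, timeout=10):
    """Handshake with the default policy and SNI; None on success, else classify()."""
    ctx = ssl.create_default_context()  # default policy, no overrides
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname is what makes the client send SNI
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLError as exc:
        return classify(str(exc))

def triage(errors):
    """Group {host: error_text} by who has to act: remote site, client, or unknown."""
    groups = {"remote": [], "client": [], "unknown": []}
    for host, text in sorted(errors.items()):
        _, category, owner = classify(text)
        groups[owner].append((host, category))
    return groups

# Constructed sample input: error strings in the format Python reports them.
SAMPLE = {
    "dh.example": "[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1056)",
    "old.example": "[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)",
    "sha1.example": "[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1056)",
    "sni.example": "[SSL: TLSV1_UNRECOGNIZED_NAME] tlsv1 unrecognized name (_ssl.c:1056)",
    "other.example": "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1056)",
}

if __name__ == "__main__":
    for owner, items in triage(SAMPLE).items():
        print(owner, items)
```

`probe()` needs network access; `classify()` and `triage()` work on error text already collected in logs.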


