© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
My understanding of things is that Ubuntu does this:
- Set the default security level to 2 (at compile time)
- Disable TLS 1.0 and 1.1 at security level 2, only keeping TLS 1.2 by default
This is what Debian does:
- Set the default security level to 2 (using a config file)
- Set the minimum version to TLS 1.2 (using a config file)
To be able to use TLS 1.0 on Ubuntu you need to:
- Change the security level to 1
To be able to use TLS 1.0 on Debian you need to:
- Set the minimum allowed version to TLS 1.0
My understanding of the issue is that python doesn't know which TLS version can be negotiated, and uses or overrides the minimum TLS version which happens to currently work on Debian. But for the test suite it should also override the security level.
Note that in upstream OpenSSL 3.0, TLS 1.0 and 1.1 no longer meet the requirements for security level 1, if you want to use TLS 1.0 in the test suite you need to set the security level to 0.