bpo-44888: Add ssl.OP_LEGACY_SERVER_CONNECT by xtkoba · Pull Request #27776 · python/cpython (original) (raw)

Hi @xtkoba , just checking is this ssl.OP_LEGACY_SERVER_CONNECT issue already fixed in Python OpenSSL 3.0.0 side?

Source of Issue: https://bugs.python.org/issue44888

I've tried with configure with ssl.OP_LEGACY_SERVER_CONNECT in OpenSSL 3.0.0, but can't found this option as per error messages below:

---------------------------------------------------------------------------
AttributeError                            Traceback (most recent call last)
/tmp/ipykernel_182/1739907879.py in <module>
     37 hostname = '[www.python.org](https://www.python.org/)'
     38 context = ssl.create_default_context()
---> 39 context.options &= ~ssl.OP_LEGACY_SERVER_CONNECT
     40 
     41 with socket.create_connection((hostname, 443)) as sock:

AttributeError: module 'ssl' has no attribute 'OP_LEGACY_SERVER_CONNECT'

Checked also in Python OpenSSL 3.0.0 documentation (Link: https://docs.python.org/3/library/ssl.html), also can't found this option.

In this situation, what is best workaround solution for making OpenSSL 3.0.0 behave like 1.1.1 due to unable configure ssl.OP_LEGACY_SERVER_CONNECT as of now?

Thanks.

CC: @tiran