Bug 1761403
Summary: | python-requests / urllib3: Enable post-handshake authentication for TLS 1.3 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Christian Heimes <cheimes> |
Component: | python-urllib3 | Assignee: | Fedora Infrastructure SIG <infra-sig> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 30 | CC: | aurelien, carl, infra-sig, jcline, jeremy |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-22 19:42:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christian Heimes
2019-10-14 10:48:04 UTC
The fix is available in urllib3 1.25.4. The fix requires Python 3.7.4 or newer with fix https://bugs.python.org/issue37428 . Could you please update urllib3 to 1.25.5 or newer on Fedora 30, 31, and rawhide? 1.25.3 does not support TLS 1.3 post-handshake authentication and blocks FreeIPA from using TLS 1.3. Gah, sorry, I got distracted while building it and never filed updates. I probably need to start dropping packages I claim to maintain, but don't really. Anyway, I filed updates for f31 and f30. I can't seem to associate this bug with the bodhi update (I guess the new bodhi broke a lot of stuff). Sorry again for the delay. The update is broken because the python-requests depends on python3.7dist(urllib3) < 1.25, see https://bodhi.fedoraproject.org/updates/FEDORA-2019-9ca3bd3d44#comment-1135346 It's a problem with python-requests 2.21 on Fedora 30. The dist git for F30 has been updated to 2.22, but the update was never built and pushed to stable. This looks to be resolved now with python-urllib3-1.25.7-1.fc30 and python-requests-2.22.0-2.fc30 available. |