Fedora Account System
Red Hat Associate
Red Hat Customer
ssl.PROTOCOL_TLSv1_2 are no longer available, despite still being mentioned in the help: Reproducible: Always Actual Results: With python3-3.15.0~b3-1.fc45.x86_64: # python3.15 -c 'import ssl; print(ssl.PROTOCOL_TLSv1_2)' Traceback (most recent call last): File "<string>", line 1, in <module> import ssl; print(ssl.PROTOCOL_TLSv1_2) ^^^^^^^^^^^^^^^^^^^^ AttributeError: module 'ssl' has no attribute 'PROTOCOL_TLSv1_2'. Did you mean '.PROTOCOL_TLS' instead of '.PROTOCOL_TLSv1_2'? # pydoc3.15 ssl | grep PROTOCOL_TLSv1_2 PROTOCOL_TLSv1_2 # Expected Results: With python3.15-3.15.0~b3-1.fc44.x86_64: mk@lone:~/hg$ python3.15 -c 'import ssl; print(ssl.PROTOCOL_TLSv1_2)' 5 Additional Information: For some reason _ssl no longer has this ... but it has PROTO_TLSv1_2
This seems to be caused by https://fedoraproject.org/wiki/Changes/OpenSSL40 On Fedora 43 with python3.15-3.15.0~b3-1.fc43: $ python3.15 -c 'import ssl; print(ssl.OPENSSL_VERSION); print(ssl.PROTOCOL_TLSv1_2)' OpenSSL 3.5.7 9 Jun 2026 5 On rawhide with python3.15-3.15.0~b3-1.fc45: $ python3.15 -c 'import ssl; print(ssl.OPENSSL_VERSION); print(ssl.PROTOCOL_TLSv1_2)' OpenSSL 4.0.1 9 Jun 2026 Traceback (most recent call last): File "<string>", line 1, in <module> import ssl; print(ssl.OPENSSL_VERSION); print(ssl.PROTOCOL_TLSv1_2) ^^^^^^^^^^^^^^^^^^^^ AttributeError: module 'ssl' has no attribute 'PROTOCOL_TLSv1_2'. Did you mean '.PROTOCOL_TLS' instead of '.PROTOCOL_TLSv1_2'?
https://openssl-library.org/post/2026-04-14-openssl-40-final-release/ does not seem to indicate TLS 1.2 support was removed, so perhaps something is wrong :/
https://github.com/python/cpython/commit/3364e7e62fa24d0e19133fb0f90b1c24ef1110c5 says: OpenSSL 4.0.0 alpha1 no longer defines the symbols: SSLv3_method TLSv1_method TLSv1_1_method TLSv1_2_method I'll check if this is still the case.
Trying to revert that leads to: undefined symbol: TLSv1_2_method, which indeed seems to have been removed from OpenSSL 4.
Hi. > ssl.PROTOCOL_TLSv1_2 are no longer available, despite still being mentioned in the help: Ah right, there are still references to ssl.PROTOCOL_TLSv1_2 and other removed protocols in Lib/ssl.py. Well, don't trust the documentation on this point, the doc is outdated :-) When Python 3.15 is built with OpenSSL 4, protocols older than TLSv1.3 are removed. OpenSSL 4 removed multiple deprecated legacy protocols: SSLv3_method(), TLSv1_method(), TLSv1_1_method() and TLSv1_2_method() are documented in removed APIs (doc/man7/ossl-removed-api.pod). These removals are confirmed by the porting guide (doc/man7/ossl-guide-migration.pod in the "Removal of fixed (D)TLS version method functions" section). ssl.PROTOCOL_TLS_CLIENT or ssl.PROTOCOL_TLS_SERVER should now be used instead.
Ok, thanks. The drop of TLS 1.2 support came as a surprise to me, and it was not trivial to diagnose when pydoc and https://docs.python.org/3.15/library/ssl.html also still doesn't mention these OpenSSL 4.0 changes. So the change is intentional, and now I know what is going on and can work around it. The only problem is the outdated documentation and the problems it might cause others. I don't know if that is worth tracking here. FWIW, Mercurial will need some related changes.
I opened https://github.com/python/cpython/issues/152709
BTW We see this in python-urllib3 as well: + /usr/bin/pytest -v -rs -k 'not (TestHTTPProxyManager and test_tunneling_proxy_request_timeout[https-https])' ImportError while loading conftest '/builddir/build/BUILD/python-urllib3-2.7.0-build/urllib3-2.7.0/test/conftest.py'. test/__init__.py:42: in <module> import urllib3.contrib.pyopenssl as pyopenssl ../BUILDROOT/usr/lib/python3.15/site-packages/urllib3/contrib/pyopenssl.py:72: in <module> ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, ^^^^^^^^^^^^^^^^^^ E AttributeError: module 'ssl' has no attribute 'PROTOCOL_TLSv1'. Did you mean '.PROTOCOL_TLS' instead of '.PROTOCOL_TLSv1'?