Skip to content

Commit 600c65c

Browse files
vstinnervstinner
authored
gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code (#94312)
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2 was already removed in Python 3.10. In test_ssl, @requires_tls_version('SSLv2') always returned False. Extract of the removed code: "OpenSSL has removed support for SSLv2".
1 parent 4b854b7 commit 600c65c

File tree

3 files changed

+2
-68
lines changed

3 files changed

+2
-68
lines changed

Doc/library/ssl.rst

Lines changed: 2 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -645,21 +645,6 @@ Constants
645645

646646
Use :data:`PROTOCOL_TLS` instead.
647647

648-
.. data:: PROTOCOL_SSLv2
649-
650-
Selects SSL version 2 as the channel encryption protocol.
651-
652-
This protocol is not available if OpenSSL is compiled with the
653-
``no-ssl2`` option.
654-
655-
.. warning::
656-
657-
SSL version 2 is insecure. Its use is highly discouraged.
658-
659-
.. deprecated:: 3.6
660-
661-
OpenSSL has removed support for SSLv2.
662-
663648
.. data:: PROTOCOL_SSLv3
664649

665650
Selects SSL version 3 as the channel encryption protocol.
@@ -1438,11 +1423,10 @@ to speed up repeated connections from the same clients.
14381423
The context is created with secure default values. The options
14391424
:data:`OP_NO_COMPRESSION`, :data:`OP_CIPHER_SERVER_PREFERENCE`,
14401425
:data:`OP_SINGLE_DH_USE`, :data:`OP_SINGLE_ECDH_USE`,
1441-
:data:`OP_NO_SSLv2` (except for :data:`PROTOCOL_SSLv2`),
1426+
:data:`OP_NO_SSLv2`,
14421427
and :data:`OP_NO_SSLv3` (except for :data:`PROTOCOL_SSLv3`) are
14431428
set by default. The initial cipher suite list contains only ``HIGH``
1444-
ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers (except for
1445-
:data:`PROTOCOL_SSLv2`).
1429+
ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers.
14461430

14471431
.. deprecated:: 3.10
14481432

Lib/test/test_ssl.py

Lines changed: 0 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -208,10 +208,6 @@ def has_tls_version(version):
208208
:param version: TLS version name or ssl.TLSVersion member
209209
:return: bool
210210
"""
211-
if version == "SSLv2":
212-
# never supported and not even in TLSVersion enum
213-
return False
214-
215211
if isinstance(version, str):
216212
version = ssl.TLSVersion.__members__[version]
217213

@@ -3129,37 +3125,10 @@ def test_ssl_cert_verify_error(self):
31293125
self.assertIn(msg, repr(e))
31303126
self.assertIn('certificate verify failed', repr(e))
31313127

3132-
@requires_tls_version('SSLv2')
3133-
def test_protocol_sslv2(self):
3134-
"""Connecting to an SSLv2 server with various client options"""
3135-
if support.verbose:
3136-
sys.stdout.write("\n")
3137-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
3138-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
3139-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
3140-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False)
3141-
if has_tls_version('SSLv3'):
3142-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
3143-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
3144-
# SSLv23 client with specific SSL options
3145-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3146-
client_options=ssl.OP_NO_SSLv3)
3147-
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3148-
client_options=ssl.OP_NO_TLSv1)
3149-
31503128
def test_PROTOCOL_TLS(self):
31513129
"""Connecting to an SSLv23 server with various client options"""
31523130
if support.verbose:
31533131
sys.stdout.write("\n")
3154-
if has_tls_version('SSLv2'):
3155-
try:
3156-
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv2, True)
3157-
except OSError as x:
3158-
# this fails on some older versions of OpenSSL (0.9.7l, for instance)
3159-
if support.verbose:
3160-
sys.stdout.write(
3161-
" SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
3162-
% str(x))
31633132
if has_tls_version('SSLv3'):
31643133
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False)
31653134
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
@@ -3197,8 +3166,6 @@ def test_protocol_sslv3(self):
31973166
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3')
31983167
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
31993168
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
3200-
if has_tls_version('SSLv2'):
3201-
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
32023169
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS, False,
32033170
client_options=ssl.OP_NO_SSLv3)
32043171
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
@@ -3211,8 +3178,6 @@ def test_protocol_tlsv1(self):
32113178
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
32123179
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
32133180
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
3214-
if has_tls_version('SSLv2'):
3215-
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
32163181
if has_tls_version('SSLv3'):
32173182
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
32183183
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLS, False,
@@ -3225,8 +3190,6 @@ def test_protocol_tlsv1_1(self):
32253190
if support.verbose:
32263191
sys.stdout.write("\n")
32273192
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
3228-
if has_tls_version('SSLv2'):
3229-
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
32303193
if has_tls_version('SSLv3'):
32313194
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
32323195
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLS, False,
@@ -3245,8 +3208,6 @@ def test_protocol_tlsv1_2(self):
32453208
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2',
32463209
server_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,
32473210
client_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,)
3248-
if has_tls_version('SSLv2'):
3249-
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
32503211
if has_tls_version('SSLv3'):
32513212
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv3, False)
32523213
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLS, False,

Modules/_ssl.c

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -138,9 +138,6 @@ extern const SSL_METHOD *TLSv1_2_method(void);
138138
#define INVALID_SOCKET (-1)
139139
#endif
140140

141-
/* OpenSSL 1.1 does not have SSL 2.0 */
142-
#define OPENSSL_NO_SSL2
143-
144141
/* Default cipher suites */
145142
#ifndef PY_SSL_DEFAULT_CIPHERS
146143
#define PY_SSL_DEFAULT_CIPHERS 1
@@ -5825,10 +5822,6 @@ sslmodule_init_constants(PyObject *m)
58255822
#undef ADD_AD_CONSTANT
58265823

58275824
/* protocol versions */
5828-
#ifndef OPENSSL_NO_SSL2
5829-
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
5830-
PY_SSL_VERSION_SSL2);
5831-
#endif
58325825
#ifndef OPENSSL_NO_SSL3
58335826
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
58345827
PY_SSL_VERSION_SSL3);
@@ -5938,11 +5931,7 @@ sslmodule_init_constants(PyObject *m)
59385931
addbool(m, "HAS_NPN", 0);
59395932
addbool(m, "HAS_ALPN", 1);
59405933

5941-
#if defined(SSL2_VERSION) && !defined(OPENSSL_NO_SSL2)
5942-
addbool(m, "HAS_SSLv2", 1);
5943-
#else
59445934
addbool(m, "HAS_SSLv2", 0);
5945-
#endif
59465935

59475936
#if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
59485937
addbool(m, "HAS_SSLv3", 1);

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy