From 03dc951316e9d9461475b06ff20016d6855ff85d Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Fri, 29 Jul 2022 08:20:06 -0700 Subject: [PATCH] gh-95280: Fix test_get_ciphers on systems without RSA key exchange (GH-95282) (GH-95323) (cherry picked from commit 565403038b75eb64ea483b2757ba30769246d853) Co-authored-by: Christian Heimes <christian@python.org> --- Lib/test/test_ssl.py | 16 ++++++++++++++-- ...2022-07-26-15-22-19.gh-issue-95280.h8HvbP.rst | 2 ++ 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Tests/2022-07-26-15-22-19.gh-issue-95280.h8HvbP.rst diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 1f8c30c51aa..6faa2ee0bbe 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1169,8 +1169,20 @@ def test_get_ciphers(self): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.set_ciphers('AESGCM') names = set(d['name'] for d in ctx.get_ciphers()) - self.assertIn('AES256-GCM-SHA384', names) - self.assertIn('AES128-GCM-SHA256', names) + expected = { + 'AES128-GCM-SHA256', + 'ECDHE-ECDSA-AES128-GCM-SHA256', + 'ECDHE-RSA-AES128-GCM-SHA256', + 'DHE-RSA-AES128-GCM-SHA256', + 'AES256-GCM-SHA384', + 'ECDHE-ECDSA-AES256-GCM-SHA384', + 'ECDHE-RSA-AES256-GCM-SHA384', + 'DHE-RSA-AES256-GCM-SHA384', + } + intersection = names.intersection(expected) + self.assertGreaterEqual( + len(intersection), 2, f"\ngot: {sorted(names)}\nexpected: {sorted(expected)}" + ) def test_options(self): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) diff --git a/Misc/NEWS.d/next/Tests/2022-07-26-15-22-19.gh-issue-95280.h8HvbP.rst b/Misc/NEWS.d/next/Tests/2022-07-26-15-22-19.gh-issue-95280.h8HvbP.rst new file mode 100644 index 00000000000..523d9d5f2f8 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2022-07-26-15-22-19.gh-issue-95280.h8HvbP.rst @@ -0,0 +1,2 @@ +Fix problem with ``test_ssl`` ``test_get_ciphers`` on systems that require +perfect forward secrecy (PFS) ciphers. -- GitLab