Feature or enhancement
Proposal:
Some cryptography TLS libraries, such as AWS-LC and BoringSSL, lack support for "finite field" ephemeral Diffie-Hellman (FFDHE) TLS ciphersuites. This causes failure test_ssl.ThreadedTests.test_dh_params when CPython is build against such libraries, as that test case assumes ciphersuite support of FFDHE. This issue proposes modifying test_dh_params to skip itself if the underlying TLS library does not support FFDHE.
Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
This issue is very similar to a series of other test modifications discussed in
https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/13
Linked PRs
Feature or enhancement
Proposal:
Some cryptography TLS libraries, such as AWS-LC and BoringSSL, lack support for "finite field" ephemeral Diffie-Hellman (FFDHE) TLS ciphersuites. This causes failure
test_ssl.ThreadedTests.test_dh_paramswhen CPython is build against such libraries, as that test case assumes ciphersuite support of FFDHE. This issue proposes modifyingtest_dh_paramsto skip itself if the underlying TLS library does not support FFDHE.Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
This issue is very similar to a series of other test modifications discussed in
https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/13
Linked PRs
test_dh_paramswhen TLS library lacks FFDHE ciphersuites (GH-131051) #131874test_dh_paramswhen TLS library lacks FFDHE ciphersuites (GH-131051) #131875