Allow less modern ciphers for outgoing connections #15546

Merged
balloob merged 1 commit into dev from ssl-client-loose on Jul 18, 2018
balloob (Member) commented Jul 18, 2018

Description:

After the SSLContext incident (Fixed in #15483) I went too strict, enforcing only modern ciphers to be used when making connections to servers. This resulted in a couple of integrations breaking because the servers were using older ciphers.

After some debate, we've decided that server SSL is our issue and we will enforce Mozilla modern cipher config recommendation.

For the client, we will use the Mozilla CA bundle and use the default context provided by the current Python version.

Related issue (if applicable):

Checklist:

  • The code change is tested and works locally.
  • Local tests pass with tox. Your PR cannot be merged unless tests pass

balloob requested a review from a team as a code owner July 18, 2018 18:33
homeassistant added the cla-signed, core and small-pr labels Jul 18, 2018
ghost assigned balloob Jul 18, 2018
ghost added the in progress label Jul 18, 2018
balloob added this to the 0.74 milestone Jul 18, 2018
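
The client/server split described in the pull request description above, as an added example that is not part of this pull request or of Home Assistant's code: it builds a default-cipher client context, a strict variant and a strict server context, then lists the suites only the default client would accept. Assumptions: `certifi` stands in for the Mozilla CA bundle (with a fallback to the OS trust store), `STRICT_CIPHERS` is a list constructed for illustration, and all function names are hypothetical.

```python
import ssl

try:
    import certifi  # assumption: third-party package shipping the Mozilla CA bundle
    CA_FILE = certifi.where()
except ImportError:
    CA_FILE = None  # fall back to the operating system trust store

# Illustrative strict list (constructed for this example, not copied
# from the pull request): ECDHE key exchange with AEAD ciphers only.
STRICT_CIPHERS = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
)


def client_context() -> ssl.SSLContext:
    """Outgoing connections: interpreter-default ciphers, chosen CA bundle."""
    return ssl.create_default_context(cafile=CA_FILE)


def strict_client_context() -> ssl.SSLContext:
    """Stricter variant: same trust settings, restricted cipher list."""
    ctx = ssl.create_default_context(cafile=CA_FILE)
    ctx.set_ciphers(STRICT_CIPHERS)
    return ctx


def server_context() -> ssl.SSLContext:
    """Incoming connections: strict list; certificate loading is omitted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRICT_CIPHERS)
    return ctx


def legacy_suites(ctx: ssl.SSLContext) -> set:
    """Suite names below TLS 1.3; set_ciphers() does not govern TLS 1.3."""
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def only_in_default() -> list:
    """Suites the default client offers that the strict list would refuse."""
    return sorted(legacy_suites(client_context()) - legacy_suites(strict_client_context()))


if __name__ == "__main__":
    print("\n".join(only_in_default()))
```

Both client contexts keep certificate verification and hostname checking enabled; only the set of negotiable suites differs, which is what decides whether a handshake with an older server can complete.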
micbase (Contributor) commented Jul 18, 2018

LGTM

balloob merged commit 4650366 into dev Jul 18, 2018
balloob deleted the ssl-client-loose branch July 18, 2018 21:00
ghost removed the in progress label Jul 18, 2018
balloob added a commit that referenced this pull request Jul 19, 2018
balloob mentioned this pull request Jul 20, 2018
awarecan mentioned this pull request Jul 20, 2018
michaeldavie pushed a commit to michaeldavie/home-assistant that referenced this pull request Jul 31, 2018
girlpunk pushed a commit to girlpunk/home-assistant that referenced this pull request Sep 4, 2018
home-assistant locked and limited conversation to collaborators Dec 10, 2018
Successfully merging this pull request may close these issues:

  • Meraki Device Tracker SSL Error
  • Unable To Setup NameCheapDNS Component Due To SSL Handshake Error