8000 Allow less modern ciphers for outgoing connections by balloob · Pull Request #15546 · home-assistant/core · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Allow less modern ciphers for outgoing connections #15546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 18, 2018
Merged

Allow less modern ciphers for outgoing connections #15546

merged 1 commit into from
Jul 18, 2018

Conversation

balloob
Copy link
Member
@balloob balloob commented Jul 18, 2018

Description:

After the SSLContext incident (Fixed in #15483) I went too strict, enforcing only modern ciphers to be used when making connections to servers. This resulted in a couple of integrations breaking because the servers were using older ciphers.

After some debate, we've decided that server SSL is our issue and we will enforce Mozilla modern cipher config recommendation.

For the client, we will use the Mozilla CA bundle and use the default context provided by the current Python version.

Related issue (if applicable):

Checklist:

  • The code change is tested and works locally.
  • Local tests pass with tox. Your PR cannot be merged unless tests pass

@balloob balloob requested a review from a team as a code owner July 18, 2018 18:33
@homeassistant homeassistant added cla-signed core small-pr PRs with less than 30 lines. labels Jul 18, 2018
@ghost ghost assigned balloob Jul 18, 2018
@ghost ghost added the in progress label Jul 18, 2018
@balloob balloob added this to the 0.74 milestone Jul 18, 2018
@balloob balloob mentioned this pull request Jul 18, 2018
Closed
@micbase
Copy link
Contributor
micbase commented Jul 18, 2018

LGTM

@balloob balloob merged commit 4650366 into dev Jul 18, 2018
@balloob balloob deleted the ssl-client-loose branch July 18, 2018 21:00
@ghost ghost removed the in progress label Jul 18, 2018
balloob added a commit that referenced this pull request Jul 19, 2018
@balloob
Don't be so strict client-side (#15546)
dff2e4e
@smccloud smccloud mentioned this pull request Jul 19, 2018
Closed
@migromao migromao mentioned this pull request Jul 19, 2018
Closed
@balloob balloob mentioned this pull request Jul 20, 2018
Merged
@awarecan awarecan mentioned this pull request Jul 20, 2018
Closed
michaeldavie pushed a commit to michaeldavie/home-assistant that referenced this pull request Jul 31, 2018
@balloob @michaeldavie
Don't be so strict client-side (home-assistant#15546)
efea3cf
girlpunk pushed a commit to girlpunk/home-assistant that referenced this pull request Sep 4, 2018
@balloob
Don't be so strict client-side (home-assistant#15546)
413188a
@home-assistant home-assistant locked and limited conversation to collaborators Dec 10, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@balloob balloob

Labels
cherry-picked cla-signed core small-pr PRs with less than 30 lines.
Projects
None yet
Milestone
0.74
Development

Successfully merging this pull request may close these issues.

Meraki Device Tracker SSL Error Unable To Setup NameCheapDNS Component Due To SSL Handshake Error
3 participants
@balloob @micbase @homeassistant
0