test_ssl test_get_ciphers fails on systems without RSA key exchange

# Bug report

The test case ``test_get_ciphers`` assumes that ``SSLContext.set_ciphers('AESGCM')`` adds the cipher suites ``AES256-GCM-SHA384`` and ``AES128-GCM-SHA256``. These are OpenSSL's names for AES-GCM with RSA key exchange and RSA authentication:

```
AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
AES128-GCM-SHA256              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(128)            Mac=AEAD
```

These are old, problematic ciphers suites that do not provide perfect forward secrecy. The ciphers are blocked by some crypto policies, e.g. FIPS 140-3. We should relax the tests a bit and check for variants with FFDH or ECDH key exchange, e.g. ``ECDHE-ECDSA-AES256-GCM-SHA384``, ``ECDHE-RSA-AES256-GCM-SHA384``, or ``DHE-RSA-AES256-GCM-SHA384``.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

test_ssl test_get_ciphers fails on systems without RSA key exchange #95280

Bug report

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier! Saves Data!

Uh oh!

test_ssl test_get_ciphers fails on systems without RSA key exchange #95280

Description

Bug report

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier! Saves Data!