Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Defer to system defaults for cipher suites with urllib3 2.0+ #2922

Merged
merged 1 commit into from
Apr 27, 2023
Merged

Defer to system defaults for cipher suites with urllib3 2.0+ #2922

merged 1 commit into from
Apr 27, 2023

Conversation

nateprewitt
Copy link
Contributor

Starting in urllib3 2.0, the hardcoded DEFAULT_CIPHERS for the ssl_context have been removed. This is a migration in a safer direction to allow user systems to define preferred cipher suites and enable modification without new releases of urllib3. This will expedite any security patching and give users finer grained control over what is chosen.

Please note that botocore does not support urllib3 2.0 yet, but users are starting to see this interaction when testing for a future upgrade. To help enable that, we'll start deferring to urllib3 for this selection when an appropriate urllib3 version is installed (ref).

@nateprewitt nateprewitt mentioned this pull request Apr 27, 2023
Closed
@nateprewitt nateprewitt mentioned this pull request Apr 27, 2023
Closed
@codecov-commenter
Copy link

codecov-commenter commented Apr 27, 2023
edited
Loading

Codecov Report

Patch coverage: 50.00% and project coverage change: -0.02 ⚠️

Comparison is base (2b046dd) 93.43% compared to head (5948958) 93.42%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #2922      +/-   ##
===========================================
- Coverage    93.43%   93.42%   -0.02%     
===========================================
  Files           63       63              
  Lines        13554    13558       +4     
===========================================
+ Hits         12664    12666       +2     
- Misses         890      892       +2
Impacted Files Coverage Δ
botocore/httpsession.py 92.30% <50.00%> (-0.67%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@nateprewitt nateprewitt merged commit 0a6d8e3 into boto:develop Apr 27, 2023
@nateprewitt nateprewitt deleted the default_ciphers branch April 27, 2023 17:08
aws-sdk-python-automation added a commit that referenced this pull request Apr 27, 2023
@aws-sdk-python-automation
Merge branch 'release-1.29.122'
a878af6 
* release-1.29.122:
  Bumping version to 1.29.122
  Update to latest partitions and endpoints
  Update to latest models
  Defer to system defaults for cipher suites with urllib3 2.0+ (#2922)
@graingert graingert mentioned this pull request Apr 28, 2023
Merged
@clokep clokep mentioned this pull request Nov 17, 2023
Closed
@yan12125 yan12125 mentioned this pull request Apr 9, 2024
Open
@nateprewitt nateprewitt mentioned this pull request Sep 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonemo jonemo jonemo approved these changes

@jonathan343 jonathan343 Awaiting requested review from jonathan343

@dlm6693 dlm6693 Awaiting requested review from dlm6693

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nateprewitt @codecov-commenter @jonemo