After retracting support for urllib3 v2 with GH-524, this patch brings it back, and adds a fallback mechanism for optionally re-enabling support for TLS 1.0 and TLS 1.1.
Details
Because urllib3 v2 drops support for TLS 1.0 and TLS 1.1 by default, this patch adds a new keyword argument ssl_relax_minimum_version, intending to optionally re-enable support for the deprecated protocols, in order to support connectivity to older versions or setups of CrateDB.
Please note urllib3 v2 no longer accepts the long deprecated commonName X.509 certificate attribute. Going forward, only the subjectAltName attribute values will be used when comparing server names.
All the details can be read up at https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html#modern-security-by-default ff.
/cc @karynzv, @marijaselakovic, @faymarie, @hlcianfagna, @hammerhead, @proddata, @tomach, @WalBeh, @quodt
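The two behaviour changes described in this pull request, sketched with Python's standard `ssl` module as an added example (not code from this patch or from the driver). The `relax_minimum_version` parameter only mirrors the idea of `ssl_relax_minimum_version`; `build_context`, `hostname_matches_san` and the sample certificates are hypothetical names and constructed data.

```python
import ssl
import warnings

# Constructed samples in the dict shape returned by SSLSocket.getpeercert().
CN_ONLY_CERT = {"subject": ((("commonName", "crate.example.test"),),)}
SAN_CERT = {
    "subject": ((("commonName", "ignored.example.test"),),),
    "subjectAltName": (("DNS", "crate.example.test"), ("DNS", "*.db.example.test")),
}


def build_context(relax_minimum_version: bool = False) -> ssl.SSLContext:
    """Client context with a TLS 1.2 floor unless the caller opts out."""
    ctx = ssl.create_default_context()
    if relax_minimum_version:
        # TLS 1.0/1.1 are deprecated; Python emits a DeprecationWarning here.
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ssl.TLSVersion.TLSv1
    else:
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def hostname_matches_san(cert: dict, hostname: str) -> bool:
    """Match a hostname against subjectAltName DNS entries only.

    The subject commonName is deliberately never consulted, so a
    certificate without a SAN entry for the host does not match.
    """
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower()
        if name == host:
            return True
        # A wildcard covers exactly one leftmost label.
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


if __name__ == "__main__":
    print(build_context().minimum_version, build_context(True).minimum_version)
    for cert in (CN_ONLY_CERT, SAN_CERT):
        print(hostname_matches_san(cert, "crate.example.test"))
```

Running the SAN check against an older server's certificate before upgrading shows whether it will still verify once commonName is ignored.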