Comments (3)
davidism
commented on May 2, 2024
1
Wait nevermind, the traceback is for Flask-Session but you're pointing at Flask code in the link. So the problem is that the default of sha1 causes hashlib to raise an error before it's possible to override that, so even if the user wants to choose something other than the default they can't do that in time.
from flask.
davidism
commented on May 2, 2024
Already reported to cachelib: pallets-eco/cachelib#361
from flask.
davidism
commented on May 2, 2024
Looking into this more, only MD5 is called out as not being available in FIPS mode: https://docs.python.org/3/library/hashlib.html#hash-algorithms. Has this changed recently to include SHA-1? If so, you should report that to Python as well to update the documentation to reflect what FIPS actually does.
I found this announcement https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm which states that FIPS 180-5 will be released by 2030, but I can't find anything detailing how you'd get a FIPS build of OpenSSL that doesn't support SHA-1 today. I need some more info on how OpenSSL/Python is being built, because it looks like the build is different than what FIPS actually requires.
from flask.
Related Issues (20)
- CHIPS support HOT 1
- The dependency specifiers are too relaxed HOT 3
- Route Aliases HOT 2
- Flask logging - Other libraries - FileHandler creates duplicate log entries HOT 11
- transfer-encoding: debug server behavior differs from test client HOT 1
- Keep code running after response has been sent. (To respond with HTTP requests to other servers) HOT 6
- Secret Key Rotation HOT 1
- @app.errorhandler() cannot be used in blueprint when debug=False
- Flask is not running when Debug is True on Windows HOT 1
- Starter example results in 404 error HOT 4
- How to avoid duplicate threads in debug mode
- Unable to silence logging messages HOT 1
- Broken HTML Markup in Template Inheritance HOT 1
- When using Flask to receive multiple files, an extra ā0Dā appears at the end of some images HOT 1
- Post request response time spikes HOT 1
- HTTP response status 204 (`No Content`) includes superfluous `Content-Type` header HOT 1
- Unable to start flask3.0 app on a minimal implementation with `invalid syntax. Perhaps you forgot a comma? (scaffold.py, line 295)` HOT 2
- Calling `flash` after `get_flashed_messages` fails HOT 3
- Conflicting cookies shenanigans with `SESSION_COOKIE_DOMAIN` HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask.