WL14542: Deprecate TLS 1.0 and 1.1

nmariz · nmariz · commit 02fd86511f2f · 2021-04-29T10:17:12.000+01:00
With this worklog a deprecation warning is raised in Connector/Python
when TLSv1 or TLSv1.1 versions are being used, notifying the user that
these versions will be removed in a future release.
diff --git a/lib/mysql/connector/connection.py b/lib/mysql/connector/connection.py
@@ -35,6 +35,7 @@
 import platform
 import socket
 import time
+import warnings
 
 from .authentication import get_auth_plugin
 from .constants import (
@@ -421,6 +422,21 @@ def _open_connection(self):
             self.close()
             raise
 
+        if (
+            not self._ssl_disabled
+            and hasattr(self._socket.sock, "version")
+            and callable(self._socket.sock.version)
+        ):
+            # Raise a deprecation warning if TLSv1 or TLSv1.1 is being used
+            tls_version = self._socket.sock.version()
+            if tls_version in ("TLSv1", "TLSv1.1"):
+                warn_msg = (
+                    f"This connection is using {tls_version} which is now "
+                    "deprecated and will be removed in a future release of "
+                    "MySQL Connector/Python"
+                )
+                warnings.warn(warn_msg, DeprecationWarning)
+
     def shutdown(self):
         """Shut down connection to MySQL Server.
         """
diff --git a/lib/mysqlx/connection.py b/lib/mysqlx/connection.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2016, 2020, Oracle and/or its affiliates.
+# Copyright (c) 2016, 2021, Oracle and/or its affiliates.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0, as
@@ -58,6 +58,7 @@
 import random
 import re
 import threading
+import warnings
 
 try:
     import dns.resolver
@@ -360,6 +361,16 @@ def set_ssl(self, ssl_protos, ssl_mode, ssl_ca, ssl_crl, ssl_cert, ssl_key,
 
         self._is_ssl = True
 
+        # Raise a deprecation warning if TLSv1 or TLSv1.1 is being used
+        tls_version = self._socket.version()
+        if tls_version in ("TLSv1", "TLSv1.1"):
+            warn_msg = (
+                f"This connection is using {tls_version} which is now "
+                "deprecated and will be removed in a future release of "
+                "MySQL Connector/Python"
+            )
+            warnings.warn(warn_msg, DeprecationWarning)
+
     def is_ssl(self):
         """Verifies if SSL is being used.
 
