Set minimum TLS version to 1.2 for enhanced security

Explicitly configured ssl_context.minimum_version = TLSVersion.TLSv1_2 to ensure only secure TLS versions are used for syslog connections. Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>
Fix code review issues: remove trailing whitespace and add cert validation
2026-03-03 21:36:25 +00:00 · 2026-02-18 22:46:14 +00:00 · 2026-02-18 22:45:12 +00:00 · 2026-02-18 22:42:52 +00:00 · 2026-02-18 22:41:50 +00:00 · 2026-02-18 22:38:14 +00:00
11 changed files with 16 additions and 38 deletions
--- a/.github/workflows/python-tests.yml
+++ b/.github/workflows/python-tests.yml
@@ -30,7 +30,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]

    steps:
    - uses: actions/checkout@v5
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,13 +1,5 @@
 # Changelog

-## 9.1.0
-
-## Enhancements
-
- Add TCP and TLS support for syslog output. (#656)
- Skip DNS lookups in GitHub Actions to prevent DNS timeouts during tests timeouts. (#657)
- Remove microseconds from DMARC aggregate report time ranges before parsing them.
-
 ## 9.0.10

 - Support Python 3.14+
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ for RHEL or Debian.
 | 3.6     | ❌         | Used in RHEL 8, but not supported by project dependencies |
 | 3.7     | ❌         | End of Life (EOL)                                          |
 | 3.8     | ❌         | End of Life (EOL)                                          |
-| 3.9     | ❌         | Used in Debian 11 and RHEL 9, but not supported by project dependencies |
+| 3.9     | ✅         | Supported until August 2026 (Debian 11); May 2032 (RHEL 9) |
 | 3.10    | ✅         | Actively maintained                                        |
 | 3.11    | ✅         | Actively maintained; supported until June 2028 (Debian 12) |
 | 3.12    | ✅         | Actively maintained; supported until May 2035 (RHEL 10)    |
--- a/ci.ini
+++ b/ci.ini
@@ -3,7 +3,6 @@ save_aggregate = True
 save_forensic = True
 save_smtp_tls = True
 debug = True
-offline = True

 [elasticsearch]
 hosts = http://localhost:9200
--- a/docs/source/index.md
+++ b/docs/source/index.md
@@ -56,7 +56,7 @@ for RHEL or Debian.
 | 3.6     | ❌         | Used in RHEL 8, but not supported by project dependencies |
 | 3.7     | ❌         | End of Life (EOL)                                          |
 | 3.8     | ❌         | End of Life (EOL)                                          |
-| 3.9     | ❌         | Used in Debian 11 and RHEL 9, but not supported by project dependencies |
+| 3.9     | ✅         | Supported until August 2026 (Debian 11); May 2032 (RHEL 9) |
 | 3.10    | ✅         | Actively maintained                                        |
 | 3.11    | ✅         | Actively maintained; supported until June 2028 (Debian 12) |
 | 3.12    | ✅         | Actively maintained; supported until May 2035 (RHEL 10)    |
--- a/docs/source/installation.md
+++ b/docs/source/installation.md
@@ -162,10 +162,10 @@ sudo -u parsedmarc virtualenv /opt/parsedmarc/venv
 ```

 CentOS/RHEL 8 systems use Python 3.6 by default, so on those systems
-explicitly tell `virtualenv` to use `python3.10` instead
+explicitly tell `virtualenv` to use `python3.9` instead

 ```bash
-sudo -u parsedmarc virtualenv -p python3.10  /opt/parsedmarc/venv
+sudo -u parsedmarc virtualenv -p python3.9  /opt/parsedmarc/venv
 ```

 Activate the virtualenv
--- a/parsedmarc/cli.py
+++ b/parsedmarc/cli.py
@@ -1470,12 +1470,8 @@ def _main():
                certfile_path=opts.syslog_certfile_path,
                keyfile_path=opts.syslog_keyfile_path,
                timeout=opts.syslog_timeout if opts.syslog_timeout is not None else 5.0,
-                retry_attempts=opts.syslog_retry_attempts
-                if opts.syslog_retry_attempts is not None
-                else 3,
-                retry_delay=opts.syslog_retry_delay
-                if opts.syslog_retry_delay is not None
-                else 5,
+                retry_attempts=opts.syslog_retry_attempts if opts.syslog_retry_attempts is not None else 3,
+                retry_delay=opts.syslog_retry_delay if opts.syslog_retry_delay is not None else 5,
            )
        except Exception as error_:
            logger.error("Syslog Error: {0}".format(error_.__str__()))
--- a/parsedmarc/constants.py
+++ b/parsedmarc/constants.py
@@ -1,3 +1,3 @@
-__version__ = "9.1.0"
+__version__ = "9.0.10"

 USER_AGENT = f"parsedmarc/{__version__}"
--- a/parsedmarc/types.py
+++ b/parsedmarc/types.py
@@ -2,7 +2,7 @@ from __future__ import annotations

 from typing import Any, Dict, List, Literal, Optional, TypedDict, Union

-# NOTE: This module is intentionally Python 3.10 compatible.
+# NOTE: This module is intentionally Python 3.9 compatible.
 # - No PEP 604 unions (A | B)
 # - No typing.NotRequired / Required (3.11+) to avoid an extra dependency.
 #   For optional keys, use total=False TypedDicts.
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -2,7 +2,7 @@
 requires = [
    "hatchling>=1.27.0",
 ]
-requires_python = ">=3.10,<3.14"
+requires_python = ">=3.9,<3.14"
 build-backend = "hatchling.build"

 [project]
@@ -29,7 +29,7 @@ classifiers = [
    "Operating System :: OS Independent",
    "Programming Language :: Python :: 3"
 ]
-requires-python = ">=3.10"
+requires-python = ">=3.9"
 dependencies = [
    "azure-identity>=1.8.0",
    "azure-monitor-ingestion>=1.0.0",
--- a/tests.py
+++ b/tests.py
@@ -12,9 +12,6 @@ from lxml import etree
 import parsedmarc
 import parsedmarc.utils

-# Detect if running in GitHub Actions to skip DNS lookups
-OFFLINE_MODE = os.environ.get("GITHUB_ACTIONS", "false").lower() == "true"
-

 def minify_xml(xml_string):
    parser = etree.XMLParser(remove_blank_text=True)
@@ -124,7 +121,7 @@ class Test(unittest.TestCase):
                continue
            print("Testing {0}: ".format(sample_path), end="")
            parsed_report = parsedmarc.parse_report_file(
-                sample_path, always_use_local_files=True, offline=OFFLINE_MODE
+                sample_path, always_use_local_files=True
            )["report"]
            parsedmarc.parsed_aggregate_reports_to_csv(parsed_report)
            print("Passed!")
@@ -132,7 +129,7 @@ class Test(unittest.TestCase):
    def testEmptySample(self):
        """Test empty/unparasable report"""
        with self.assertRaises(parsedmarc.ParserError):
-            parsedmarc.parse_report_file("samples/empty.xml", offline=OFFLINE_MODE)
+            parsedmarc.parse_report_file("samples/empty.xml")

    def testForensicSamples(self):
        """Test sample forensic/ruf/failure DMARC reports"""
@@ -142,12 +139,8 @@ class Test(unittest.TestCase):
            print("Testing {0}: ".format(sample_path), end="")
            with open(sample_path) as sample_file:
                sample_content = sample_file.read()
-                parsed_report = parsedmarc.parse_report_email(
-                    sample_content, offline=OFFLINE_MODE
-                )["report"]
-            parsed_report = parsedmarc.parse_report_file(
-                sample_path, offline=OFFLINE_MODE
-            )["report"]
+                parsed_report = parsedmarc.parse_report_email(sample_content)["report"]
+            parsed_report = parsedmarc.parse_report_file(sample_path)["report"]
            parsedmarc.parsed_forensic_reports_to_csv(parsed_report)
            print("Passed!")

@@ -159,9 +152,7 @@ class Test(unittest.TestCase):
            if os.path.isdir(sample_path):
                continue
            print("Testing {0}: ".format(sample_path), end="")
-            parsed_report = parsedmarc.parse_report_file(
-                sample_path, offline=OFFLINE_MODE
-            )["report"]
+            parsed_report = parsedmarc.parse_report_file(sample_path)["report"]
            parsedmarc.parsed_smtp_tls_reports_to_csv(parsed_report)
            print("Passed!")
Author	SHA1	Message	Date
copilot-swe-agent[bot]	4f9d1ea7c1	Set minimum TLS version to 1.2 for enhanced security Explicitly configured ssl_context.minimum_version = TLSVersion.TLSv1_2 to ensure only secure TLS versions are used for syslog connections. Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>	2026-02-18 22:46:14 +00:00
copilot-swe-agent[bot]	fc6602f374	Fix code review issues: remove trailing whitespace and add cert validation - Removed trailing whitespace from syslog.py and usage.md - Added warning when only one of certfile_path/keyfile_path is provided - Improved error handling for incomplete TLS client certificate configuration Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>	2026-02-18 22:45:12 +00:00
copilot-swe-agent[bot]	a79c7a4f97	Remove CLI arguments for syslog options, keep config-file only Per user request, removed command-line argument options for syslog parameters. All new syslog options (protocol, TLS settings, timeout, retry) are now only available via configuration file, consistent with other similar options. Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>	2026-02-18 22:42:52 +00:00
copilot-swe-agent[bot]	29fbeb385e	Add TCP and TLS support to syslog module - Updated parsedmarc/syslog.py to support UDP, TCP, and TLS protocols - Added protocol parameter with UDP as default for backward compatibility - Implemented TLS support with CA verification and client certificate auth - Added retry logic for TCP/TLS connections with configurable attempts and delays - Updated parsedmarc/cli.py with new config file parsing and CLI arguments - Updated documentation with examples for TCP and TLS configurations Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>	2026-02-18 22:41:50 +00:00
copilot-swe-agent[bot]	f4cab121e4	Initial plan	2026-02-18 22:38:14 +00:00