Message 214241 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dstufft
Recipients	alex, christian.heimes, dstufft, ncoghlan, pitrou
Date	2014-03-20.14:16:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1395325005.18.0.706730120112.issue20996@psf.upfronthosting.co.za>
In-reply-to

Content
Python 3.4 has constants and code to enable forcing the ssl_version to TLS 1.1 or 1.2. As it stands now Python 2.7, 3.2, and 3.3 can successfully connect and will use a TLS 1.1 or 1.2 connection if it's available (new enough OpenSSL) but cannot _force_ a connection to use TLS 1.1 or 1.2. It would be good to backport this from 3.4, it would involve adding constants to ssl.py, and minimal code to _ssl.c to handle actually forcing the TLS method.

Python 3.4 has constants and code to enable forcing the ssl_version to TLS 1.1 or 1.2. As it stands now Python 2.7, 3.2, and 3.3 can successfully connect and will use a TLS 1.1 or 1.2 connection if it's available (new enough OpenSSL) but cannot _force_ a connection to use TLS 1.1 or 1.2.

It would be good to backport this from 3.4, it would involve adding constants to ssl.py, and minimal code to _ssl.c to handle actually forcing the TLS method.

History
Date	User	Action	Args
2014-03-20 14:16:45	dstufft	set	recipients: + dstufft, ncoghlan, pitrou, christian.heimes, alex
2014-03-20 14:16:45	dstufft	set	messageid: <1395325005.18.0.706730120112.issue20996@psf.upfronthosting.co.za>
2014-03-20 14:16:45	dstufft	link	issue20996 messages
2014-03-20 14:16:44	dstufft	create