Title: it's not possible to set ECDH curve name via ssl.wrap_socket
Type: Stage:
Components: Library (Lib) Versions: Python 3.4
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: Nosy List: Michael.Gubser, pitrou
Priority: normal Keywords:

Created on 2014-01-28 16:25 by Michael.Gubser, last changed 2014-01-29 00:40 by pitrou. This issue is now closed.

Messages (2)
msg209561 - (view) Author: Michael Gubser (Michael.Gubser) Date: 2014-01-28 16:25
One can only set the ECDH curve name via SSLContext.set_ecdh_curve(). ssl.wrap_socket() doesn't have a parameter to use it for the wrapping of the basic socket. Therefore one always has to do the detour over SSLContext.
msg209607 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-01-29 00:40
ssl.wrap_socket is pretty much a legacy API. It has too many parameters already, and I don't really want to make it worse. The SSLContext API is designed to be more palatable, even though it's a bit less compact.

(also, ssl.wrap_socket will implicitly create a new context each time, which is wasteful - especially when context initialization implies loading certificates, etc.)
Date User Action Args
2014-01-29 00:40:22pitrousetstatus: open -> closed
versions: + Python 3.4, - Python 3.3
nosy: + pitrou

messages: + msg209607

resolution: wont fix
2014-01-28 16:25:16Michael.Gubsercreate