classification
Title: expose SSL socket protocol version
Type: enhancement
Stage: resolved
Components: Library (Lib)
Versions: Python 3.5
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: alex, benjamin.peterson, christian.heimes, dstufft, ethan.furman, geertj, giampaolo.rodola, janssen, pitrou, python-dev
Priority: normal
Keywords: patch

Created on 2014-01-28 16:36 by pitrou, last changed 2014-09-04 20:33 by python-dev. This issue is now closed.

Files
File name Uploaded Description
ssl_version.patch pitrou, 2014-08-23 04:06
ssl_version2.patch pitrou, 2014-08-30 19:45
backport-version.diff alex, 2014-09-04 20:16
Messages (14)
msg209564 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-01-28 16:36
SSL sockets should provide a way to query the current protocol version (e.g. "TLSv1.2"). OpenSSL makes it easy through SSL_get_version().

Open question is whether we return the string returned by SSL_get_version(), or we convert it to one of the constants ssl.PROTOCOL_XXX.
msg214621 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-03-23 17:35
(slightly related: should ssl.PROTOCOL_xxx constants become enum members?)
msg214864 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-03-25 23:10
We could actually use the undocumented "int SSL_version(const SSL *s)" and convert the return value to one of our favourite protocol constants.
msg216543 - (view) Author: Ethan Furman (ethan.furman) * (Python committer) Date: 2014-04-16 18:21
Sounds good to me.
msg216792 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-04-18 18:41
Ok, it came to me that converting to one of the PROTOCOL* constants can fail in the following case: Python is linked with an OpenSSL that supports a more recent protocol version than the ssl module is aware of. SSL_get_version() can then return a protocol (e.g. "TLSv1.3") that we don't know about, and have no way of converting to an existing constant.

So perhaps we should really simply return the same string as OpenSSL?
msg216793 - (view) Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2014-04-18 18:51
Debatable. Maybe I'm +0.1 for returning the plain string. IMO when it comes to stdlib modules, enums are only really useful for converting integer constants.
msg225726 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-08-23 04:06
Here is a patch. Doc updates still missing.
msg226146 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-08-30 19:45
Updated patch with doc.
msg226370 - (view) Author: Roundup Robot (python-dev) Date: 2014-09-04 19:00
New changeset 648685f8d5e9 by Antoine Pitrou in branch 'default':
Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
http://hg.python.org/cpython/rev/648685f8d5e9
msg226371 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-09-04 19:02
Pushed to default.
msg226375 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-09-04 19:47
Should this be backported to 2.7.9?
msg226376 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2014-09-04 19:55
It's as you want, now. I don't think this is really important, though.
msg226377 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-09-04 20:16
Attached patch backports it (only change is the use of `closing()` and resolving the conflict in Misc/NEWS). I'll leave it up to benjamin whether he wants to commit (input from others welcome). My view is to prefer backporting stuff since it helps keep the diff small.
msg226379 - (view) Author: Roundup Robot (python-dev) Date: 2014-09-04 20:33
New changeset 16c86a6bdbe2 by Alex Gaynor in branch '2.7':
Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
http://hg.python.org/cpython/rev/16c86a6bdbe2
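
Added example, not part of the issue thread or of the CPython patch: one way a caller can enforce a minimum protocol from the string that `.version()` returns, parsing it rather than looking it up in a fixed table so that a protocol name the code has never seen (the "TLSv1.3" case raised in msg216792) still compares correctly. The names `version_key`, `meets_minimum` and `FakeSocket` are hypothetical, and `FakeSocket` is a constructed stand-in for `ssl.SSLSocket` so the block runs offline.

```python
import re

# Matches names such as "SSLv3", "TLSv1", "TLSv1.2" and later "TLSvX.Y" forms.
_PATTERN = re.compile(r"^(SSL|TLS)v(\d+)(?:\.(\d+))?$")


def version_key(name):
    """Turn an OpenSSL protocol string into a sortable tuple.

    Parsing instead of a lookup table means a newer protocol string
    still orders correctly against the ones known today.
    """
    match = _PATTERN.match(name)
    if match is None:
        raise ValueError("unrecognised protocol string: %r" % (name,))
    family, major, minor = match.groups()
    # Every SSL version sorts below every TLS version.
    return (0 if family == "SSL" else 1, int(major), int(minor or 0))


def meets_minimum(sock, minimum="TLSv1.2"):
    """Return True if the connection on `sock` negotiated at least `minimum`.

    `sock` is any object with a .version() method, normally an ssl.SSLSocket.
    """
    floor = version_key(minimum)  # a bad `minimum` is a caller bug: let it raise
    negotiated = sock.version()
    if negotiated is None:
        # version() returns None when no secure connection is established.
        return False
    try:
        return version_key(negotiated) >= floor
    except ValueError:
        # Fail closed on a string that does not parse as a protocol name.
        return False


class FakeSocket:
    """Constructed stand-in for ssl.SSLSocket (assumption for offline use)."""

    def __init__(self, version):
        self._version = version

    def version(self):
        return self._version
```

With a real connection, pass the wrapped socket after the handshake has completed, for example `meets_minimum(ssl_sock)`.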
History
Date User Action Args
2014-09-04 20:33:36 python-dev set messages: + msg226379
2014-09-04 20:16:21 alex set files: + backport-version.diff; nosy: + benjamin.peterson; messages: + msg226377
2014-09-04 19:55:01 pitrou set messages: + msg226376
2014-09-04 19:47:57 alex set messages: + msg226375
2014-09-04 19:02:06 pitrou set status: open -> closed; resolution: fixed; messages: + msg226371; stage: patch review -> resolved
2014-09-04 19:00:18 python-dev set nosy: + python-dev; messages: + msg226370
2014-08-30 23:14:53 pitrou set nosy: + geertj
2014-08-30 19:45:17 pitrou set files: + ssl_version2.patch; messages: + msg226146; stage: needs patch -> patch review
2014-08-23 04:06:14 pitrou set files: + ssl_version.patch; keywords: + patch; messages: + msg225726
2014-04-18 18:51:07 giampaolo.rodola set messages: + msg216793
2014-04-18 18:41:06 pitrou set messages: + msg216792
2014-04-16 18:21:42 ethan.furman set nosy: + ethan.furman; messages: + msg216543
2014-03-25 23:10:07 pitrou set messages: + msg214864
2014-03-23 17:35:53 alex set nosy: + alex
2014-03-23 17:35:14 pitrou set messages: + msg214621
2014-03-21 19:07:56 pitrou set nosy: + dstufft
2014-01-28 16:36:54 pitrou create