OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it with #ifdef SSL_OP_NO_TLSv1_3

https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346

Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be available any time soon. I like to add the flag *after* the upcoming round of releases.

I think that's fine for 2.7.

On Mon, Jan 2, 2017, at 13:07, Christian Heimes wrote:
> 
> New submission from Christian Heimes:
> 
> OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols
> PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and
> PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In
> order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it
> with #ifdef SSL_OP_NO_TLSv1_3
> 
> https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346
> 
> Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be
> available any time soon. I like to add the flag *after* the upcoming
> round of releases.
> 
> ----------
> assignee: christian.heimes
> components: SSL
> messages: 284504
> nosy: benjamin.peterson, christian.heimes, larry, ned.deily
> priority: normal
> severity: normal
> stage: needs patch
> status: open
> title: Add OP_NO_TLSv1_3
> type: enhancement
> versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue29136>
> _______________________________________

memo to me: Update the TLS cipher list to include TLS 1.3 ciphers. TLS 1.3 uses a disjunct set of cipher suites. No member of the current cipher suite set is compatible with TLS 1.3. Handshake with TLS 1.3 enabled servers is going to fail.

As of today OpenSSL 1.1.1-dev provides one of five TLS 1.3 ciphers: TLS13-AES-128-GCM-SHA256. TLS13-AES-256-GCM-SHA384 and TLS13-CHACHA20-POLY1305 are not yet implemented as are CCM block mode.

We can easily just add `TLS13:...` at the from of our ciphersuite list and it'll be ok though right? (Note to self, do the same in urllib3, twisted, requests, god only knows what else)

No, of course it does not work (yet):

$ LD_LIBRARY_PATH=. apps/openssl ciphers TLS13
Error in cipher list
140546693477888:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2100:

For those who want to keep track, the relevant OpenSSL ticket for configuring TLSv1.3 cipher suites is https://github.com/openssl/openssl/issues/2276.

PR 1363 also introduced ssl.HAS_TLSv1_3 flag for unit tests. The flag is required because OpenSSL 1.1.1-dev can be compiled without TLS 1.3 support. The development version always defines OP_NO_TLSv1_3 to a non-zero value. Further more the PR adds a test for TLS 1.3.

New changeset cb5b68abdeb1b1d56c581d5b4d647018703d61e3 by Christian Heimes in branch 'master':
bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)
https://github.com/python/cpython/commit/cb5b68abdeb1b1d56c581d5b4d647018703d61e3

New changeset 9f2b3d4c2899f9caea2e47063061a76e460ac618 by Christian Heimes in branch '3.6':
[3.6] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) (#3444)
https://github.com/python/cpython/commit/9f2b3d4c2899f9caea2e47063061a76e460ac618

New changeset b9a860f3bf80b0d4a6c25d0f2f6ef849d9bf3594 by Christian Heimes in branch '2.7':
[2.7] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) (#3446)
https://github.com/python/cpython/commit/b9a860f3bf80b0d4a6c25d0f2f6ef849d9bf3594

In backport to 2.7 branch, ".. versionadded:: 2.7.15" and ".. versionchanged:: 2.7.15" were used.

However, in backport to 3.6 branch, ".. versionadded:: 3.7" and ".. versionchanged:: 3.7" were used, instead of expected ".. versionadded:: 3.6.3" and ".. versionchanged:: 3.6.3".

Good catch, thanks! I'll update the documentation.

New changeset 28580316a57d1757978196c27286f989d21ec0f3 by Christian Heimes in branch '3.6':
bpo-29136: Fix versionchange for TLS 1.3 changes (#3483)
https://github.com/python/cpython/commit/28580316a57d1757978196c27286f989d21ec0f3

Thanks, I fixed versionchanged.