classification
Title: Prefer PROTOCOL_TLS_CLIENT/SERVER
Type: enhancement Stage: resolved
Components: SSL Versions: Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes
Priority: normal Keywords:

Created on 2017-09-04 23:20 by christian.heimes, last changed 2017-09-17 14:35 by christian.heimes. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3058 merged christian.heimes, 2017-09-04 23:22
Messages (2)
msg301282 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 23:20
Since Python 3.6 the ssl module has three new protocols:


* PROTOCOL_TLS is the new, preferred, and less confusing name of PROTOCOL_SSLv23. It performs auto-negotiation of the best TLS/SSL protocol supported by client and server.
* PROTOCOL_TLS_CLIENT is a client-only variant of PROTOCOL_TLS. The protocol also enables check_hostname and CERT_REQUIRED.
* PROTOCOL_TLS_SERVER is server side-only variant. It leaves check_hostname disabled and has CERT_NONE (no client cert validation).

Tests and code should prefer PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER whenever possible.
msg302287 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-15 18:27
New changeset a170fa162dc03f0a014373349e548954fff2e567 by Christian Heimes in branch 'master':
bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
https://github.com/python/cpython/commit/a170fa162dc03f0a014373349e548954fff2e567
History
Date User Action Args
2017-09-17 14:35:33christian.heimessetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2017-09-15 18:27:32christian.heimessetmessages: + msg302287
2017-09-04 23:22:02christian.heimessetpull_requests: + pull_request3349
2017-09-04 23:20:29christian.heimescreate