classification
Title: OpenSSL 1.1.1 / TLS 1.3 cipher suite changes
Type: behavior Stage: patch review
Components: SSL Versions: Python 3.8, Python 3.7, Python 3.6, Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, benjamin.peterson, christian.heimes, dstufft, janssen, miss-islington, ned.deily
Priority: high Keywords: patch

Created on 2018-05-18 13:00 by christian.heimes, last changed 2018-11-20 14:27 by cstratak.

Pull Requests
URL Status Linked Edit
PR 6976 merged christian.heimes, 2018-05-18 19:53
PR 7064 merged miss-islington, 2018-05-22 20:51
PR 8771 open christian.heimes, 2018-08-15 07:24
PR 10607 open cstratak, 2018-11-20 14:27
Messages (4)
msg317027 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-18 13:00
The definition and configuration of TLS 1.3 cipher suites has changed during the development phase of OpenSSL 1.1.1. The cipher suites are no longer prefixed with "TLS13-". TLS 1.3 are always enabled and can no longer be disabled with SSLContext.set_ciphers() / SSL_CTX_set_cipher_list(). Instead the suites are now configured with SSL_CTX_set_ciphersuites(). See https://github.com/openssl/openssl/pull/5392

For now I'm not going to expose the new API. Instead I'll update the documentation and tests for 2.7 to 3.8 with new names. I'll also mention that TLS 1.3 suites will be always available with OpenSSL 1.1.1.
msg317345 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-22 20:50
New changeset e8eb6cb7920ded66abc5d284319a8539bdc2bae3 by Christian Heimes in branch 'master':
bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
https://github.com/python/cpython/commit/e8eb6cb7920ded66abc5d284319a8539bdc2bae3
msg317347 - (view) Author: miss-islington (miss-islington) Date: 2018-05-22 21:40
New changeset cd57b48ef9a70b7ef693ba52aaf38d7c945ab5d3 by Miss Islington (bot) in branch '3.7':
bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
https://github.com/python/cpython/commit/cd57b48ef9a70b7ef693ba52aaf38d7c945ab5d3
msg323552 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-08-15 07:07
New changeset 3e630c541b35c96bfe5619165255e559f577ee71 by Christian Heimes in branch '3.6':
bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976) (GH-8760)
https://github.com/python/cpython/commit/3e630c541b35c96bfe5619165255e559f577ee71
History
Date User Action Args
2018-11-20 14:27:54cstrataksetpull_requests: + pull_request9850
2018-08-15 07:24:11christian.heimessetpull_requests: + pull_request8247
2018-08-15 07:07:31christian.heimessetmessages: + msg323552
2018-05-22 21:40:49miss-islingtonsetnosy: + miss-islington
messages: + msg317347
2018-05-22 20:51:26miss-islingtonsetpull_requests: + pull_request6694
2018-05-22 20:50:23christian.heimessetmessages: + msg317345
2018-05-18 19:53:22christian.heimessetkeywords: + patch
stage: test needed -> patch review
pull_requests: + pull_request6631
2018-05-18 13:00:38christian.heimescreate