This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Support TLS 1.3
Type: enhancement Stage: resolved
Components: Versions: Python 3.8, Python 3.7, Python 3.6, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, benjamin.peterson, christian.heimes, dreamsorcerer, dstufft, janssen, ned.deily, philipp, zmwangx
Priority: high Keywords: patch

Created on 2018-05-23 14:38 by christian.heimes, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 7079 merged christian.heimes, 2018-05-23 18:13
PR 7082 merged miss-islington, 2018-05-23 20:24
Messages (9)
msg317413 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 14:38
Epic for various TLS 1.3 related tasks and improvements

TLS 1.3 requires some changes to the SSL module and tests. The TLS 1.3 handshake behaves slightly differently, which causes some tests to fail. The new handshake and deferred non-application data also affect applications. 

* TLS 1.3 cipher suites are now set by SSL_CTX_set_ciphersuites(), while SSL to TLS 1.2 cipher suites are still set by SSL_CTX_set_cipher_list(). Therefore SSLContext.set_ciphers() no longer fails with invalid cipher suites, because TLS 1.3 are still available. TLS 1.3 cipher suites also cannot be changed or disabled by SSLContext.set_ciphers().

* TLS client cert authentication occurs after SSL_do_handshake() has finished. SSLSocket.connect() / handshake no longer fail, when the server requests a client cert or the available client cert is invalid. The actual authentication occurs when the client performs the first SSL_read() / SSL_write().

* Session tickets are exchanged after the handshake, too. On the client side, the session ticket is only available after the first SSL_read() or other operations that perform a read(). The session ticket class and code no longer works with TLS 1.3.

* TLS 1.3 sends two session tickets instead of one.

* Server-side handshake can fail with ConnectionResetError or BrokenPipeError, when the client closes the fd while the server is still send non-application data like new session ticket or client cert request.

* Client-side unwrap() / shutdown used to fail when a session ticket was stuck on the wire. This problem will be fixed by OpenSSL 1.1.1-pre7, see 

I'll add a TLS 1.3 section to the ssl module documentation. TLS 1.3 will be a tech-preview and not production-ready until at least OpenSSL 1.1.1-final and Python 3.7.1. Ned, Benjamin, are you OK with that?
msg317414 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 14:44

* We also need a new API to request TLS client cert authentication *after* some application data was requested. The use case is e.g. HTTP web server. A client sends a GET request and then the server gets to decide if the route requires authentication or not.

* Renegotiation is no longer available (good). TLS 1.3 has a new re-keying mechanism to establish a new master key.
msg317448 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2018-05-23 20:10
> Ned, Benjamin, are you OK with that?

Just to be clear, you wish to merge a backport of PR 7079 for 3.7.0rc1?
msg317449 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 20:13
Yes, if that's ok with you. It's only documentation and test updates.
msg317451 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2018-05-23 20:18
As long as it doesn't break 1.0.2 and 1.1.0 support, sure :)
msg317452 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 20:22
Tests with 1.0.2o and 1.1.0h are passing.
msg317453 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 20:24
New changeset 529525fb5a8fd9b96ab4021311a598c77588b918 by Christian Heimes in branch 'master':
bpo-33618: Enable TLS 1.3 in tests (GH-7079)
msg317455 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-23 20:49
New changeset 72ef4fc32b354f8e56eec64f4c15ac2e07d118be by Christian Heimes (Miss Islington (bot)) in branch '3.7':
[3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)
msg317533 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-05-24 06:05
2.7 is okay, too. The next release isn't for a while, so it'll have time to bake.
Date User Action Args
2022-04-11 14:59:00adminsetgithub: 77799
2021-09-03 17:04:05philippsetnosy: + philipp
2020-05-31 19:36:27christian.heimessetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2020-05-31 15:29:37dreamsorcerersetnosy: + dreamsorcerer
2019-02-16 04:16:23yan12125setnosy: - yan12125
2019-02-16 01:10:29zmwangxsetnosy: + zmwangx
2018-05-24 06:05:52benjamin.petersonsetmessages: + msg317533
2018-05-23 20:49:14christian.heimessetmessages: + msg317455
2018-05-23 20:24:57miss-islingtonsetpull_requests: + pull_request6713
2018-05-23 20:24:53christian.heimessetmessages: + msg317453
2018-05-23 20:22:45christian.heimessetmessages: + msg317452
2018-05-23 20:18:06ned.deilysetmessages: + msg317451
2018-05-23 20:13:48christian.heimessetmessages: + msg317449
2018-05-23 20:10:15ned.deilysetmessages: + msg317448
2018-05-23 18:13:43christian.heimessetkeywords: + patch
stage: needs patch -> patch review
pull_requests: + pull_request6709
2018-05-23 15:41:47yan12125setnosy: + yan12125
2018-05-23 14:44:39christian.heimessetmessages: + msg317414
2018-05-23 14:38:43christian.heimescreate