This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Introspect ssl context: read ALPN and NPN protocols
Type: Stage:
Components: Extension Modules Versions: Python 3.9
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Dima.Tisnek
Priority: normal Keywords:

Created on 2020-03-30 05:51 by Dima.Tisnek, last changed 2022-04-11 14:59 by admin.

Messages (1)
msg365300 - (view) Author: Dima Tisnek (Dima.Tisnek) * Date: 2020-03-30 05:51 
It's quite easy to create new or modify existing ssl context:

ssl_context = ssl.create_default_context()
ssl_context.set_alpn_protocols(["h2"])

I'm writing a library where the context may be passed by the caller (useful if the caller wants to set custom CA path, or client cert auth, share TLS session tickets, etc.).

I'd love to be able to check that the context I get has correct ALPN and/or NPN protocols specified.

I'd love to be able to do something like this:

assert "h2" in ssl_context.alpn_protocols
or
assert "h2" in ssl_context.get_alpn_protocols()


There's sortof precedent for this, I use following code to set and check TLS version flags:

ssl_context.options |= ssl.OP_NO_TLSv1
assert ssl.OP_NO_TLSv1 in ssl_context.options
History
Date User Action Args
2022-04-11 14:59:28adminsetgithub: 84292
2020-03-30 05:51:59Dima.Tisnekcreate