It's quite easy to create new or modify existing ssl context:
ssl_context = ssl.create_default_context()
ssl_context.set_alpn_protocols(["h2"])
I'm writing a library where the context may be passed by the caller (useful if the caller wants to set custom CA path, or client cert auth, share TLS session tickets, etc.).
I'd love to be able to check that the context I get has correct ALPN and/or NPN protocols specified.
I'd love to be able to do something like this:
assert "h2" in ssl_context.alpn_protocols
or
assert "h2" in ssl_context.get_alpn_protocols()
There's sortof precedent for this, I use following code to set and check TLS version flags:
ssl_context.options |= ssl.OP_NO_TLSv1
assert ssl.OP_NO_TLSv1 in ssl_context.options
|