Message 284504 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	benjamin.peterson, christian.heimes, larry, ned.deily
Date	2017-01-02.21:07:24
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1483391244.76.0.29431388133.issue29136@psf.upfronthosting.co.za>
In-reply-to

Content
OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it with #ifdef SSL_OP_NO_TLSv1_3 https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346 Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be available any time soon. I like to add the flag after the upcoming round of releases.

OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it with #ifdef SSL_OP_NO_TLSv1_3

https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346

Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be available any time soon. I like to add the flag *after* the upcoming round of releases.

History
Date	User	Action	Args
2017-01-02 21:07:24	christian.heimes	set	recipients: + christian.heimes, larry, benjamin.peterson, ned.deily
2017-01-02 21:07:24	christian.heimes	set	messageid: <1483391244.76.0.29431388133.issue29136@psf.upfronthosting.co.za>
2017-01-02 21:07:24	christian.heimes	link	issue29136 messages
2017-01-02 21:07:24	christian.heimes	create