Message 289346 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Lukasa
Recipients	Lukasa, christian.heimes
Date	2017-03-10.10:03:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1489140184.21.0.804659104334.issue29781@psf.upfronthosting.co.za>
In-reply-to

Content
The SSLObject object from the ssl module has a version() method that is undocumented. A reasonable assumption for the behaviour of that method is that it would follow the behaviour of the same method on SSLSocket(), which has the following documentation: > Return the actual SSL protocol version negotiated by the connection as > a string, or None is no secure connection is established. As of this > writing, possible return values include "SSLv2", "SSLv3", "TLSv1", > "TLSv1.1" and "TLSv1.2". Recent OpenSSL versions may define more return > values. However, SSLObject does not follow that behaviour: Python 3.6.0 (default, Jan 18 2017, 18:08:34) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import ssl >>> ctx = ssl.create_default_context() >>> in_bio = ssl.MemoryBIO() >>> out_bio = ssl.MemoryBIO() >>> buffers = ctx.wrap_bio(in_bio, out_bio) >>> buffers.version() 'TLSv1.2' That is, a SSLObject that does not have a TLS session established will incorrectly report that it is using a TLS version. This method should return None in this case.

The SSLObject object from the ssl module has a version() method that is undocumented. A reasonable assumption for the behaviour of that method is that it would follow the behaviour of the same method on SSLSocket(), which has the following documentation:

> Return the actual SSL protocol version negotiated by the connection as
> a string, or None is no secure connection is established. As of this
> writing, possible return values include "SSLv2", "SSLv3", "TLSv1",
> "TLSv1.1" and "TLSv1.2". Recent OpenSSL versions may define more return
> values.

However, SSLObject does not follow that behaviour:

Python 3.6.0 (default, Jan 18 2017, 18:08:34) 
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ctx = ssl.create_default_context()
>>> in_bio = ssl.MemoryBIO()
>>> out_bio = ssl.MemoryBIO()
>>> buffers = ctx.wrap_bio(in_bio, out_bio)
>>> buffers.version()
'TLSv1.2'

That is, a SSLObject that does not have a TLS session established will incorrectly report that it is using a TLS version. This method should return None in this case.

History
Date	User	Action	Args
2017-03-10 10:03:04	Lukasa	set	recipients: + Lukasa, christian.heimes
2017-03-10 10:03:04	Lukasa	set	messageid: <1489140184.21.0.804659104334.issue29781@psf.upfronthosting.co.za>
2017-03-10 10:03:04	Lukasa	link	issue29781 messages
2017-03-10 10:03:03	Lukasa	create