Author Lukasa
Recipients Lukasa, christian.heimes
Date 2017-03-10.10:03:03
Message-id <1489140184.21.0.804659104334.issue29781@psf.upfronthosting.co.za>
Content
The SSLObject object from the ssl module has a version() method that is undocumented. A reasonable assumption for the behaviour of that method is that it would follow the behaviour of the same method on SSLSocket(), which has the following documentation:

> Return the actual SSL protocol version negotiated by the connection as
> a string, or None if no secure connection is established. As of this
> writing, possible return values include "SSLv2", "SSLv3", "TLSv1",
> "TLSv1.1" and "TLSv1.2". Recent OpenSSL versions may define more return
> values.

However, SSLObject does not follow that behaviour:

Python 3.6.0 (default, Jan 18 2017, 18:08:34) 
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ctx = ssl.create_default_context()
>>> in_bio = ssl.MemoryBIO()
>>> out_bio = ssl.MemoryBIO()
>>> buffers = ctx.wrap_bio(in_bio, out_bio)
>>> buffers.version()
'TLSv1.2'

That is, an SSLObject that does not have a TLS session established will incorrectly report that it is using a TLS version. This method should return None in this case.
History
Date User Action Args
2017-03-10 10:03:04  Lukasa  set     recipients: + Lukasa, christian.heimes
2017-03-10 10:03:04  Lukasa  set     messageid: <1489140184.21.0.804659104334.issue29781@psf.upfronthosting.co.za>
2017-03-10 10:03:04  Lukasa  link    issue29781 messages
2017-03-10 10:03:03  Lukasa  create
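
Code that logs or enforces policy on the negotiated protocol version can avoid trusting version() on an SSLObject before the handshake has finished. The following is an added example, not part of the original report or of CPython; the TrackedSSLObject class, the demo() function and the host name "example.invalid" are assumptions made for illustration.

```python
import ssl


class TrackedSSLObject:
    """SSLObject wrapper that reports a version only after the handshake."""

    def __init__(self, ctx, server_hostname):
        self.incoming = ssl.MemoryBIO()   # bytes received from the peer
        self.outgoing = ssl.MemoryBIO()   # bytes to send to the peer
        self.obj = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_hostname)
        self.handshake_complete = False

    def step_handshake(self):
        """Advance the handshake; return True once it has finished."""
        try:
            self.obj.do_handshake()
        except ssl.SSLWantReadError:
            return False          # needs more peer data in self.incoming
        self.handshake_complete = True
        return True

    def negotiated_version(self):
        """Protocol version, or None while no session is established."""
        if not self.handshake_complete:
            return None
        return self.obj.version()


def demo():
    # "example.invalid" is a placeholder name; nothing is sent on a network.
    tls = TrackedSSLObject(ssl.create_default_context(), "example.invalid")
    guarded_before = tls.negotiated_version()
    raw_before = tls.obj.version()        # 'TLSv1.2' in the 3.6.0 session above
    finished = tls.step_handshake()       # emits a ClientHello, then stalls
    client_hello = tls.outgoing.read()
    return {
        "raw_before": raw_before,
        "guarded_before": guarded_before,
        "finished": finished,
        "record_type": client_hello[0],   # 0x16 = TLS handshake record
        "guarded_mid": tls.negotiated_version(),
    }


if __name__ == "__main__":
    print(demo())
```

The guarded value stays None both before the handshake starts and while it is stalled waiting for the peer, whatever the underlying version() call returns on a given interpreter.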