This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients alex, christian.heimes, dstufft, hanno, janssen
Date 2017-11-02.10:51:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1509619864.87.0.213398074469.issue31892@psf.upfronthosting.co.za>
In-reply-to
Content 
Example implementation of get_server_certificate() with cert type: https://gist.github.com/tiran/6e7a5b00483376e164c951730db7d4e5

TLS 1.3 has a signature_algorithms extension that allows a client to have even more control over the selected certificate and signature algorithms. It defines authentication algorithm (RSA, ECDSA, EdDSA), signature scheme (PKCS#1 v1.5 or PKCS#1 v2.1 aka RSA-PSS for RSA, curve for ECDSA), and hashing algorithm (SHA-1, SHA-2 256/384/512). https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.2.3

I've contacted openssl maintainers and asked them for advice: https://mta.openssl.org/pipermail/openssl-users/2017-November/006834.html
History
Date User Action Args
2017-11-02 10:51:04christian.heimessetrecipients: + christian.heimes, janssen, alex, dstufft, hanno
2017-11-02 10:51:04christian.heimessetmessageid: <1509619864.87.0.213398074469.issue31892@psf.upfronthosting.co.za>
2017-11-02 10:51:04christian.heimeslinkissue31892 messages
2017-11-02 10:51:04christian.heimescreate