Message 307956 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, chuq, njs
Date	2017-12-10.10:37:36
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1512902256.46.0.213398074469.issue32257@psf.upfronthosting.co.za>
In-reply-to

Content
Sounds about right, but I cannot find a good way to disable renegotiation. * SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS doesn't look right. For one it's an internal, undocumented flag. But more important it is no longer supported in OpenSSL 1.1.0. * The info_callback trick does not work. The info callback cannot return an error indicator. In OpenSSL 1.1.0 the function signature is ``void (cb) (const SSL ssl, int type, int val)``, which means it cannot modify the SSL object in order to abort the connection forcefully.

Sounds about right, but I cannot find a good way to disable renegotiation.

* SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS doesn't look right. For one it's an internal, undocumented flag. But more important it is no longer supported in OpenSSL 1.1.0.

* The info_callback trick does not work. The info callback cannot return an error indicator. In OpenSSL 1.1.0 the function signature is ``void (*cb) (const SSL *ssl, int type, int val)``, which means it cannot modify the SSL object in order to abort the connection forcefully.

History
Date	User	Action	Args
2017-12-10 10:37:36	christian.heimes	set	recipients: + christian.heimes, njs, chuq
2017-12-10 10:37:36	christian.heimes	set	messageid: <1512902256.46.0.213398074469.issue32257@psf.upfronthosting.co.za>
2017-12-10 10:37:36	christian.heimes	link	issue32257 messages
2017-12-10 10:37:36	christian.heimes	create