Message312408
This bug was originally the more generic issue #32858.
SSLContext.set_ecdh_curve() uses EC_KEY_new_by_curve_name() and SSL_CTX_set_tmp_ecdh() to configure the ECDH curve parameters. The current approach has multiple downsides. It doesn't work with X25519 and can only set one curve. OpenSSL 1.0.2+ has SSL_CTX_set1_curves_list(), which supports a list of curve names.
Proposal:
SSLContext.set_ecdh_curve() is changed from taking one curve name to an *arg of curve names. With OpenSSL 1.0.2+, 1..n curves are supported. For OpenSSL < 1.0.2 on 2.7-3.6, one curve is supported. Perhaps it makes sense to map an empty *arg to auto-configuration?
I'd like to cover the issue in PEP 543, too.
Cory,
what do you think about another enum of IANA groups of EC groups, https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 ?

Date | User | Action | Args
2018-02-20 10:09:45 | christian.heimes | set | recipients: + christian.heimes, sruester
2018-02-20 10:09:45 | christian.heimes | set | messageid: <1519121385.62.0.467229070634.issue32882@psf.upfronthosting.co.za>
2018-02-20 10:09:45 | christian.heimes | link | issue32882 messages
2018-02-20 10:09:45 | christian.heimes | create |
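As an added illustration (not code from this issue or from CPython), the helper below emulates the proposed curve preference list on top of the existing single-curve `SSLContext.set_ecdh_curve()`: it tries each name in order and keeps the first one the linked OpenSSL build accepts, which makes the "only one curve" limitation and the name-rejection behaviour visible. `configure_ecdh_preference` and `build_server_context` are hypothetical helper names.

```python
"""Emulate a curve preference list with ssl.SSLContext.set_ecdh_curve()."""
import ssl


def configure_ecdh_preference(ctx, curve_names):
    """Try each curve name in order; return the first one the context accepts.

    The existing API takes exactly one name per call.  Names OpenSSL does not
    know raise ValueError; names it knows but cannot turn into an EC_KEY
    (e.g. X25519 on OpenSSL < 3 builds) surface as ssl.SSLError, so both are
    treated as "rejected" and the next candidate is tried.
    """
    if not curve_names:
        raise ValueError("curve preference list must not be empty")
    rejected = {}
    for name in curve_names:
        try:
            ctx.set_ecdh_curve(name)  # existing single-curve setter
        except (ValueError, ssl.SSLError) as exc:
            rejected[name] = str(exc)
            continue
        return name
    raise ValueError(f"no usable curve in {list(curve_names)}: {rejected}")


def build_server_context(curve_names=("X25519", "prime256v1", "secp384r1")):
    """Server context configured with the first curve this build accepts.

    Returns (context, chosen_curve_name); constructed default list for demo.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    chosen = configure_ecdh_preference(ctx, curve_names)
    return ctx, chosen


if __name__ == "__main__":
    _, picked = build_server_context()
    print("ECDH curve in use:", picked)
```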