Message 329410 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	RemiCardona, asvetlov, christian.heimes, yselivanov
Date	2018-11-07.10:08:23
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1541585303.46.0.788709270274.issue34971@psf.upfronthosting.co.za>
In-reply-to

Content
The session code of the ssl is not compatible with TLS 1.3. Actually the whole API doesn't work with TLS 1.3. In TLS 1.2 and before, sessions had multiple security implications. For example they break PFS. TLS 1.3 changed when sessions are exchanged and how session are resumed. Session data is no longer part of the handshake. Instead the server can send session tickets at any point after the handshake. A server can send multiple tickets (usually two) and tickets must only be reused once.

The session code of the ssl is not compatible with TLS 1.3. Actually the whole API doesn't work with TLS 1.3. In TLS 1.2 and before, sessions had multiple security implications. For example they break PFS.

TLS 1.3 changed when sessions are exchanged and how session are resumed. Session data is no longer part of the handshake. Instead the server can send session tickets at any point after the handshake. A server can send multiple tickets (usually two) and tickets must only be reused once.

History
Date	User	Action	Args
2018-11-07 10:08:23	christian.heimes	set	recipients: + christian.heimes, asvetlov, yselivanov, RemiCardona
2018-11-07 10:08:23	christian.heimes	set	messageid: <1541585303.46.0.788709270274.issue34971@psf.upfronthosting.co.za>
2018-11-07 10:08:23	christian.heimes	link	issue34971 messages
2018-11-07 10:08:23	christian.heimes	create