Message 346820 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	alex, christian.heimes, dstufft, janssen, ned.deily
Date	2019-06-28.14:29:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1561732145.9.0.0353203933987.issue37440@roundup.psfhosted.org>
In-reply-to

Content
httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client. Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of PHA extension breaks backwards compatibility.

httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client.

Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of PHA extension breaks backwards compatibility.

History
Date	User	Action	Args
2019-06-28 14:29:05	christian.heimes	set	recipients: + christian.heimes, janssen, ned.deily, alex, dstufft
2019-06-28 14:29:05	christian.heimes	set	messageid: <1561732145.9.0.0353203933987.issue37440@roundup.psfhosted.org>
2019-06-28 14:29:05	christian.heimes	link	issue37440 messages
2019-06-28 14:29:05	christian.heimes	create