Author christian.heimes
Recipients alex, christian.heimes, dstufft, janssen, ned.deily
Date 2019-06-28.14:29:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1561732145.9.0.0353203933987.issue37440@roundup.psfhosted.org>
In-reply-to
Content
httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client.

Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of PHA extension breaks backwards compatibility.
History
Date User Action Args
2019-06-28 14:29:05christian.heimessetrecipients: + christian.heimes, janssen, ned.deily, alex, dstufft
2019-06-28 14:29:05christian.heimessetmessageid: <1561732145.9.0.0353203933987.issue37440@roundup.psfhosted.org>
2019-06-28 14:29:05christian.heimeslinkissue37440 messages
2019-06-28 14:29:05christian.heimescreate