Message346820
httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client.
Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of PHA extension breaks backwards compatibility. |
|
Date |
User |
Action |
Args |
2019-06-28 14:29:05 | christian.heimes | set | recipients:
+ christian.heimes, janssen, ned.deily, alex, dstufft |
2019-06-28 14:29:05 | christian.heimes | set | messageid: <1561732145.9.0.0353203933987.issue37440@roundup.psfhosted.org> |
2019-06-28 14:29:05 | christian.heimes | link | issue37440 messages |
2019-06-28 14:29:05 | christian.heimes | create | |
|