diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2011-12-19 12:27:11 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2011-12-19 12:27:11 (GMT) |
commit | 6db4944cc57804391b554d96f3400944779617f0 (patch) | |
tree | a364d79be7e165d959069b3c099416f351e33458 | |
parent | bfaa79a982f1aadfe2aa4e3fdc4ff75153286503 (diff) | |
download | cpython-6db4944cc57804391b554d96f3400944779617f0.zip cpython-6db4944cc57804391b554d96f3400944779617f0.tar.gz cpython-6db4944cc57804391b554d96f3400944779617f0.tar.bz2 |
Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
-rw-r--r-- | Doc/library/ssl.rst | 7 | ||||
-rw-r--r-- | Lib/ssl.py | 5 | ||||
-rw-r--r-- | Lib/test/test_ssl.py | 1 | ||||
-rw-r--r-- | Misc/NEWS | 4 | ||||
-rw-r--r-- | Modules/_ssl.c | 2 |
5 files changed, 18 insertions, 1 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 6651a69..69eaf8b 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -421,6 +421,13 @@ Constants .. versionadded:: 3.2 +.. data:: OP_CIPHER_SERVER_PREFERENCE + + Use the server's cipher ordering preference, rather than the client's. + This option has no effect on client sockets and SSLv2 server sockets. + + .. versionadded:: 3.3 + .. data:: HAS_SNI Whether the OpenSSL library has built-in support for the *Server Name @@ -66,7 +66,10 @@ from _ssl import ( SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED -from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +from _ssl import ( + OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, + OP_CIPHER_SERVER_PREFERENCE, + ) from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes from _ssl import ( SSL_ERROR_ZERO_RETURN, diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index a2b4040..288b714 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -98,6 +98,7 @@ class BasicSocketTests(unittest.TestCase): ssl.CERT_NONE ssl.CERT_OPTIONAL ssl.CERT_REQUIRED + ssl.OP_CIPHER_SERVER_PREFERENCE self.assertIn(ssl.HAS_SNI, {True, False}) def test_random(self): @@ -419,6 +419,10 @@ Core and Builtins Library ------- +- Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers + choose the cipher based on their own preferences, rather than on the + client's. + - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas Stührk. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 5772d90..0f3d2c1 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2450,6 +2450,8 @@ PyInit__ssl(void) PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2); PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3); PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1); + PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE", + SSL_OP_CIPHER_SERVER_PREFERENCE); #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME r = Py_True; |