authorAntoine Pitrou <solipsis@pitrou.net>2011-12-19 12:27:11 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2011-12-19 12:27:11 (GMT)
commit6db4944cc57804391b554d96f3400944779617f0 (patch)
treea364d79be7e165d959069b3c099416f351e33458
parentbfaa79a982f1aadfe2aa4e3fdc4ff75153286503 (diff)
Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the client's.
-rw-r--r--Doc/library/ssl.rst7
-rw-r--r--Lib/ssl.py5
-rw-r--r--Lib/test/test_ssl.py1
-rw-r--r--Misc/NEWS4
-rw-r--r--Modules/_ssl.c2
5 files changed, 18 insertions, 1 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 6651a69..69eaf8b 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -421,6 +421,13 @@ Constants
.. versionadded:: 3.2
+.. data:: OP_CIPHER_SERVER_PREFERENCE
+
+ Use the server's cipher ordering preference, rather than the client's.
+ This option has no effect on client sockets and SSLv2 server sockets.
+
+ .. versionadded:: 3.3
+
.. data:: HAS_SNI
Whether the OpenSSL library has built-in support for the *Server Name
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 76f68f0..0cf2fae 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -66,7 +66,10 @@ from _ssl import (
SSLSyscallError, SSLEOFError,
)
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
+from _ssl import (
+ OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+ OP_CIPHER_SERVER_PREFERENCE,
+ )
from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
from _ssl import (
SSL_ERROR_ZERO_RETURN,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index a2b4040..288b714 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -98,6 +98,7 @@ class BasicSocketTests(unittest.TestCase):
ssl.CERT_NONE
ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED
+ ssl.OP_CIPHER_SERVER_PREFERENCE
self.assertIn(ssl.HAS_SNI, {True, False})
def test_random(self):
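Review bot: The added line in `test_constants` only proves that the name `ssl.OP_CIPHER_SERVER_PREFERENCE` exists; nothing in this hunk checks that the option can be applied to a context, so a wrong value exported from `_ssl` would go unnoticed. Consider a companion assertion where context options are tested, e.g. `ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE` followed by `self.assertTrue(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)`. A handshake test in which a server context with the option set ends up on its own first-listed cipher would cover the behaviour the commit message promises. `test_constants` begins above the hunk, so its other checks are not visible here.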
diff --git a/Misc/NEWS b/Misc/NEWS
index 36ce1f4..e04ae7a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -419,6 +419,10 @@ Core and Builtins
Library
-------
+- Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
+ choose the cipher based on their own preferences, rather than on the
+ client's.
+
- Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas
Stührk.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5772d90..0f3d2c1 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2450,6 +2450,8 @@ PyInit__ssl(void)
PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
+ PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE",
+ SSL_OP_CIPHER_SERVER_PREFERENCE);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
r = Py_True;
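Review bot: `SSL_OP_CIPHER_SERVER_PREFERENCE` is referenced unconditionally in the two added lines, while the block that follows is guarded by `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME`; if any supported OpenSSL headers lack the macro (this cannot be determined from the hunk), the module stops compiling. If that is a concern, wrap the call in `#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE` / `#endif` and make the matching import in the Lib/ssl.py hunk tolerant of the name being absent, since that import is unconditional too. A short comment above the call, such as `/* Server picks the cipher from its own preference order; no effect on clients */`, would also help the next reader. `PyInit__ssl` starts and ends outside the hunk.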