diff options
| author | Illia Volochii <illia.volochii@gmail.com> | 2022-11-24 02:24:09 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-24 02:24:09 (GMT) |
| commit | 9dc08361bef67a331d1609c8629314c0ca5a79d5 (patch) | |
| tree | 7a70ab90fa9f4e9f2b82b239f2f8f391a292664c | |
| parent | c69cfcdb116c4907b306e2bd0e263d5ceba48bd5 (diff) | |
| download | cpython-9dc08361bef67a331d1609c8629314c0ca5a79d5.zip cpython-9dc08361bef67a331d1609c8629314c0ca5a79d5.tar.gz cpython-9dc08361bef67a331d1609c8629314c0ca5a79d5.tar.bz2 | |
gh-96828: Add an `ssl.OP_ENABLE_KTLS` option (GH-96830)
Expose the constant when OpenSSL defines it.
| -rw-r--r-- | Doc/library/ssl.rst | 16 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2022-09-14-21-56-15.gh-issue-96828.ZoOY5G.rst | 2 | ||||
| -rw-r--r-- | Modules/_ssl.c | 3 |
3 files changed, 21 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 4e6d06d..08824fe 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -807,6 +807,22 @@ Constants .. versionadded:: 3.10 +.. data:: OP_ENABLE_KTLS + + Enable the use of the kernel TLS. To benefit from the feature, OpenSSL must + have been compiled with support for it, and the negotiated cipher suites and + extensions must be supported by it (a list of supported ones may vary by + platform and kernel version). + + Note that with enabled kernel TLS some cryptographic operations are + performed by the kernel directly and not via any available OpenSSL + Providers. This might be undesirable if, for example, the application + requires all cryptographic operations to be performed by the FIPS provider. + + This option is only available with OpenSSL 3.0.0 and later. + + .. versionadded:: 3.12 + .. data:: HAS_ALPN Whether the OpenSSL library has built-in support for the *Application-Layer diff --git a/Misc/NEWS.d/next/Library/2022-09-14-21-56-15.gh-issue-96828.ZoOY5G.rst b/Misc/NEWS.d/next/Library/2022-09-14-21-56-15.gh-issue-96828.ZoOY5G.rst new file mode 100644 index 0000000..d8a4488 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-09-14-21-56-15.gh-issue-96828.ZoOY5G.rst @@ -0,0 +1,2 @@ +Add an :data:`~ssl.OP_ENABLE_KTLS` option for enabling the use of the kernel +TLS (kTLS). Patch by Illia Volochii. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2826d15..2885774 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -5864,6 +5864,9 @@ sslmodule_init_constants(PyObject *m) PyModule_AddIntConstant(m, "OP_IGNORE_UNEXPECTED_EOF", SSL_OP_IGNORE_UNEXPECTED_EOF); #endif +#ifdef SSL_OP_ENABLE_KTLS + PyModule_AddIntConstant(m, "OP_ENABLE_KTLS", SSL_OP_ENABLE_KTLS); +#endif #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT", |