Issue #27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers.

author: Christian Heimes <christian@python.org> 2016-09-05 22:04:45 (GMT)
committer: Christian Heimes <christian@python.org> 2016-09-05 22:04:45 (GMT)
commit: 25bfcd5d9eb324128e52d35c508621e017791f2b (patch)
tree: 9f5053f612cae587a2d91c1346f5c2aac7a66b71 /Doc/library/ssl.rst
parent: dffa3949c7431e819c64a890bce41fe769e47da1 (diff)
download: cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.zip
cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.tar.gz
cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.tar.bz2
1 files changed, 56 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 04fad06..892c0ea 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1259,6 +1259,62 @@ to speed up repeated connections from the same clients.
 
    .. versionadded:: 3.4
 
+.. method:: SSLContext.get_ciphers()
+
+   Get a list of enabled ciphers. The list is in order of cipher priority.
+   See :meth:`SSLContext.set_ciphers`.
+
+   Example::
+
+       >>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+       >>> ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')
+       >>> ctx.get_ciphers()  # OpenSSL 1.0.x
+       [{'alg_bits': 256,
+         'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  '
+                        'Enc=AESGCM(256) Mac=AEAD',
+         'id': 50380848,
+         'name': 'ECDHE-RSA-AES256-GCM-SHA384',
+         'protocol': 'TLSv1/SSLv3',
+         'strength_bits': 256},
+        {'alg_bits': 128,
+         'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  '
+                        'Enc=AESGCM(128) Mac=AEAD',
+         'id': 50380847,
+         'name': 'ECDHE-RSA-AES128-GCM-SHA256',
+         'protocol': 'TLSv1/SSLv3',
+         'strength_bits': 128}]
+
+   On OpenSSL 1.1 and newer the cipher dict contains additional fields::
+       >>> ctx.get_ciphers()  # OpenSSL 1.1+
+       [{'aead': True,
+         'alg_bits': 256,
+         'auth': 'auth-rsa',
+         'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  '
+                        'Enc=AESGCM(256) Mac=AEAD',
+         'digest': None,
+         'id': 50380848,
+         'kea': 'kx-ecdhe',
+         'name': 'ECDHE-RSA-AES256-GCM-SHA384',
+         'protocol': 'TLSv1.2',
+         'strength_bits': 256,
+         'symmetric': 'aes-256-gcm'},
+        {'aead': True,
+         'alg_bits': 128,
+         'auth': 'auth-rsa',
+         'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  '
+                        'Enc=AESGCM(128) Mac=AEAD',
+         'digest': None,
+         'id': 50380847,
+         'kea': 'kx-ecdhe',
+         'name': 'ECDHE-RSA-AES128-GCM-SHA256',
+         'protocol': 'TLSv1.2',
+         'strength_bits': 128,
+         'symmetric': 'aes-128-gcm'}]
+
+   Availability: OpenSSL 1.0.2+
+
+   .. versionadded:: 3.6
+
 .. method:: SSLContext.set_default_verify_paths()
 
    Load a set of default "certification authority" (CA) certificates from
author	Christian Heimes <christian@python.org>	2016-09-05 22:04:45 (GMT)
committer	Christian Heimes <christian@python.org>	2016-09-05 22:04:45 (GMT)
commit	25bfcd5d9eb324128e52d35c508621e017791f2b (patch)
tree	9f5053f612cae587a2d91c1346f5c2aac7a66b71 /Doc/library/ssl.rst
parent	dffa3949c7431e819c64a890bce41fe769e47da1 (diff)
download	cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.zip cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.tar.gz cpython-25bfcd5d9eb324128e52d35c508621e017791f2b.tar.bz2