diff options
| author | stratakis <cstratak@redhat.com> | 2019-02-15 17:27:44 (GMT) |
|---|---|---|
| committer | Victor Stinner <vstinner@redhat.com> | 2019-02-15 17:27:44 (GMT) |
| commit | 2149a9ad7a9d39d7d680ec0fb602042c91057484 (patch) | |
| tree | b45e3f3f5c47752b44873be0b2782b88d4b5fa71 /Doc | |
| parent | 28eb87f4f558952f259fada7be1ab5b31b8a91ef (diff) | |
| download | cpython-2149a9ad7a9d39d7d680ec0fb602042c91057484.zip cpython-2149a9ad7a9d39d7d680ec0fb602042c91057484.tar.gz cpython-2149a9ad7a9d39d7d680ec0fb602042c91057484.tar.bz2 | |
[2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)
Backport of TLS 1.3 related fixes from 3.7.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826)
Diffstat (limited to 'Doc')
| -rw-r--r-- | Doc/library/ssl.rst | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 35c9548..8e90492 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -742,6 +742,15 @@ Constants .. versionadded:: 2.7.9 +.. data:: OP_ENABLE_MIDDLEBOX_COMPAT + + Send dummy Change Cipher Spec (CCS) messages in TLS 1.3 handshake to make + a TLS 1.3 connection look more like a TLS 1.2 connection. + + This option is only available with OpenSSL 1.1.1 and later. + + .. versionadded:: 2.7.16 + .. data:: OP_NO_COMPRESSION Disable compression on the SSL channel. This is useful if the application |