author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2024-06-16 20:43:20 (GMT)
committer GitHub <noreply@github.com> 2024-06-16 20:43:20 (GMT)
commit 7655989a3a777339586a48242677b8bb9cec4c92 (patch)
tree 098762cb495a26271030e7094e4e9f1e9f5fc6f0 /Doc
parent 1c41aa78d85ee9224cc8609302f7a9b47c6186be (diff)
[3.13] gh-118596: Add thread-safety clarifications to the SSLContext documentation (GH-118597) (#120595)
gh-118596: Add thread-safety clarifications to the SSLContext documentation (GH-118597)

Add thread-safety clarifications to the SSLContext documentation.

Per the issue:

This issue has also come up [here](https://github.com/psf/requests/pull/6667) where the matter was clarified by @tiran in [this comment](https://github.com/psf/requests/pull/6667):

> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.

(cherry picked from commit 4f59f8638267aa64ad2daa0111d8b7fdc2499834)

Co-authored-by: mm-matthias <43849132+mm-matthias@users.noreply.github.com>
Diffstat (limited to 'Doc')
-rw-r--r-- Doc/library/ssl.rst 13
1 files changed, 13 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 99abf45..dc72f67 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1472,6 +1472,19 @@ to speed up repeated connections from the same clients.
:data:`PROTOCOL_TLS`, :data:`PROTOCOL_TLS_CLIENT`, and
:data:`PROTOCOL_TLS_SERVER` use TLS 1.2 as minimum TLS version.
+ .. note::
+
+ :class:`SSLContext` only supports limited mutation once it has been used
+ by a connection. Adding new certificates to the internal trust store is
+ allowed, but changing ciphers, verification settings, or mTLS
+ certificates may result in surprising behavior.
+
+ .. note::
+
+ :class:`SSLContext` is designed to be shared and used by multiple
+ connections.
+ Thus, it is thread-safe as long as it is not reconfigured after being
+ used by a connection.
:class:`SSLContext` objects have the following methods and attributes:
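Review bot: The second note's condition, "as long as it is not reconfigured after being used by a connection", reads stricter than the first note, which allows adding certificates to the internal trust store after use, so a reader who sees only the second note cannot tell whether that addition counts as reconfiguring. Consider merging the two notes into one, or wording the condition as "as long as ciphers, verification settings, or mTLS certificates are not changed after it has been used by a connection". The first note would also be easier to act on if it linked the affected members with :meth: and :attr: roles (for example set_ciphers(), verify_mode, load_cert_chain()) instead of naming categories only, and if "surprising behavior" said what a reader should expect to observe. The line break after "connections." in the second note falls mid-paragraph and can be rewrapped.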