diff options
| author | Benjamin Peterson <benjamin@python.org> | 2015-01-07 17:14:26 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2015-01-07 17:14:26 (GMT) |
| commit | 4cb17812d94c57868257743dc163b4c62a1de9d7 (patch) | |
| tree | e24551431a302b33124962a68d6b9742de45510c /Lib/test/test_ssl.py | |
| parent | e5db863c224f32103760d1c745acf9b140a40902 (diff) | |
| download | cpython-4cb17812d94c57868257743dc163b4c62a1de9d7.zip cpython-4cb17812d94c57868257743dc163b4c62a1de9d7.tar.gz cpython-4cb17812d94c57868257743dc163b4c62a1de9d7.tar.bz2 | |
expose the client's cipher suites from the handshake (closes #23186)
Diffstat (limited to 'Lib/test/test_ssl.py')
| -rw-r--r-- | Lib/test/test_ssl.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 3bb9819..e27151c 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1698,11 +1698,13 @@ class NetworkedBIOTests(unittest.TestCase): sslobj = ctx.wrap_bio(incoming, outgoing, False, 'svn.python.org') self.assertIs(sslobj._sslobj.owner, sslobj) self.assertIsNone(sslobj.cipher()) + self.assertIsNone(sslobj.shared_ciphers()) self.assertRaises(ValueError, sslobj.getpeercert) if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: self.assertIsNone(sslobj.get_channel_binding('tls-unique')) self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake) self.assertTrue(sslobj.cipher()) + self.assertIsNone(sslobj.shared_ciphers()) self.assertTrue(sslobj.getpeercert()) if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: self.assertTrue(sslobj.get_channel_binding('tls-unique')) @@ -1776,6 +1778,7 @@ else: self.close() return False else: + self.server.shared_ciphers.append(self.sslconn.shared_ciphers()) if self.server.context.verify_mode == ssl.CERT_REQUIRED: cert = self.sslconn.getpeercert() if support.verbose and self.server.chatty: @@ -1891,6 +1894,7 @@ else: self.flag = None self.active = False self.selected_protocols = [] + self.shared_ciphers = [] self.conn_errors = [] threading.Thread.__init__(self) self.daemon = True @@ -2121,6 +2125,7 @@ else: }) s.close() stats['server_npn_protocols'] = server.selected_protocols + stats['server_shared_ciphers'] = server.shared_ciphers return stats def try_protocol_combo(server_protocol, client_protocol, expect_success, @@ -3157,6 +3162,18 @@ else: self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_INTERNAL_ERROR') self.assertIn("TypeError", stderr.getvalue()) + def test_shared_ciphers(self): + server_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + client_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + client_context.set_ciphers("3DES") + server_context.set_ciphers("3DES:AES") + stats = server_params_test(client_context, server_context) + ciphers = stats['server_shared_ciphers'][0] + self.assertGreater(len(ciphers), 0) + for name, tls_version, bits in ciphers: + self.assertIn("DES-CBC3-", name) + self.assertEqual(bits, 112) + def test_read_write_after_close_raises_valuerror(self): context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context.verify_mode = ssl.CERT_REQUIRED |