author | Antoine Pitrou <solipsis@pitrou.net> | 2011-12-19 16:16:51 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2011-12-19 16:16:51 (GMT) |
commit | 923df6f22a4a9ca0e2d5f15b29ec747ce00cd606 (patch) | |
tree | f6d96b4d24957014b3a410df4f70fa8ddee6ab5a /Lib | |
parent | d1301953fe355bc6637f33a4985c950bcfc73adf (diff) | |
Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/ssl.py | 2 | ||||
-rw-r--r-- | Lib/test/ssl_servers.py | 5 | ||||
-rw-r--r-- | Lib/test/test_ssl.py | 10 |
3 files changed, 16 insertions, 1 deletions
@@ -68,7 +68,7 @@ from _ssl import (
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 from _ssl import (
 OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
- OP_CIPHER_SERVER_PREFERENCE,
+ OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_ECDH_USE,
 )
 from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
 from _ssl import (
diff --git a/Lib/test/ssl_servers.py b/Lib/test/ssl_servers.py
index 77be381..86bc950 100644
--- a/Lib/test/ssl_servers.py
+++ b/Lib/test/ssl_servers.py
@@ -176,6 +176,9 @@ if __name__ == "__main__":
 action='store_false', help='be less verbose')
 parser.add_argument('-s', '--stats', dest='use_stats_handler', default=False,
 action='store_true', help='always return stats page')
+ parser.add_argument('--curve-name', dest='curve_name', type=str,
+ action='store',
+ help='curve name for EC-based Diffie-Hellman')
 args = parser.parse_args()
 support.verbose = args.verbose
@@ -186,6 +189,8 @@ if __name__ == "__main__":
 handler_class.root = os.getcwd()
 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
 context.load_cert_chain(CERTFILE)
+ if args.curve_name:
+ context.set_ecdh_curve(args.curve_name)
 server = HTTPSServer(("", args.port), handler_class, context)
 if args.verbose:
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 288b714..505550f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -99,6 +99,7 @@ class BasicSocketTests(unittest.TestCase):
 ssl.CERT_OPTIONAL
 ssl.CERT_REQUIRED
 ssl.OP_CIPHER_SERVER_PREFERENCE
+ ssl.OP_SINGLE_ECDH_USE
 self.assertIn(ssl.HAS_SNI, {True, False})
 def test_random(self):
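Review bot: `OP_SINGLE_ECDH_USE` joins an unconditional `from _ssl import (...)` list in the Lib/ssl.py hunk, so if the C module defines the constant only when the OpenSSL headers provide it, `import ssl` itself would fail on a build without ECDH. The `_ssl` side is not visible here (the diffstat is limited to `Lib`), so this needs confirming against that file. If the definition is conditional, import the name separately under `try: from _ssl import OP_SINGLE_ECDH_USE` / `except ImportError: pass`. The option also has no explanation at the import site; a comment such as `# OP_SINGLE_ECDH_USE: do not reuse one ECDH key across handshakes (forward secrecy)` would tell readers when to set it.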
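Review bot: In the second Lib/test/ssl_servers.py hunk the server calls `context.set_ecdh_curve(args.curve_name)` but never sets the option this commit introduces, so whether the ECDH key is regenerated per handshake is left to the library default. Adding `context.options |= ssl.OP_SINGLE_ECDH_USE` inside the same `if args.curve_name:` branch would make the test server exercise the forward-secret configuration. An unknown `--curve-name` currently reaches the user as a bare `ValueError` traceback (the behaviour pinned by test_set_ecdh_curve); catching it and calling `parser.error(...)` would give a usable message. The `if __name__ == "__main__":` block starts and ends outside the hunk.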
@@ -558,6 +559,15 @@ class ContextTests(unittest.TestCase):
 ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
 ctx.set_default_verify_paths()
+ def test_set_ecdh_curve(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ ctx.set_ecdh_curve("prime256v1")
+ ctx.set_ecdh_curve(b"prime256v1")
+ self.assertRaises(TypeError, ctx.set_ecdh_curve)
+ self.assertRaises(TypeError, ctx.set_ecdh_curve, None)
+ self.assertRaises(ValueError, ctx.set_ecdh_curve, "foo")
+ self.assertRaises(ValueError, ctx.set_ecdh_curve, b"foo")
+
 class NetworkedTests(unittest.TestCase): |
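Review bot: `test_set_ecdh_curve` assumes every build has EC support and knows the curve `prime256v1`, so on an OpenSSL compiled without ECDH the first `ctx.set_ecdh_curve("prime256v1")` call would presumably error out rather than be skipped. A capability flag in the style of the `ssl.HAS_SNI` check visible in the earlier test_ssl.py hunk, used with `unittest.skipUnless`, would keep the suite green on such builds. The test also covers argument validation only. Nothing on this page checks that a handshake against a context configured this way actually negotiates an ECDH key exchange, which is the security property the commit is adding. A short docstring such as `"""set_ecdh_curve() accepts str and bytes curve names and rejects unknown ones."""` would document the intent.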