diff options
author | Christian Heimes <christian@python.org> | 2023-05-20 23:33:09 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-20 23:33:09 (GMT) |
commit | 3ed57e4995d9f8583083483f397ddc3131720953 (patch) | |
tree | cea152a7d52840c5a958db40c9f543d3fa5d0d8c /Misc | |
parent | 12f1581b0c43f40a792c188e17d2dea2357debb3 (diff) | |
download | cpython-3ed57e4995d9f8583083483f397ddc3131720953.zip cpython-3ed57e4995d9f8583083483f397ddc3131720953.tar.gz cpython-3ed57e4995d9f8583083483f397ddc3131720953.tar.bz2 |
gh-61460: Stronger HMAC in multiprocessing (#20380)
bpo-17258: `multiprocessing` now supports stronger HMAC algorithms for inter-process connection authentication rather than only HMAC-MD5.
Signed-off-by: Christian Heimes <christian@python.org>
gpshead: I Reworked to be more robust while keeping the idea.
The protocol modification idea remains, but we now take advantage of the
message length as an indicator of legacy vs modern protocol version. No
more regular expression usage. We now default to HMAC-SHA256, but do so
in a way that will be compatible when communicating with older clients
or older servers. No protocol transition period is needed.
More integration tests to verify these claims remain true are required. I'm
unaware of anyone depending on multiprocessing connections between
different Python versions.
---------
Signed-off-by: Christian Heimes <christian@python.org>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst b/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst new file mode 100644 index 0000000..18ebd6e --- /dev/null +++ b/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst @@ -0,0 +1,2 @@ +:mod:`multiprocessing` now supports stronger HMAC algorithms for inter-process +connection authentication rather than only HMAC-MD5. |