summaryrefslogtreecommitdiffstats
path: root/Misc
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2023-05-20 23:33:09 (GMT)
committerGitHub <noreply@github.com>2023-05-20 23:33:09 (GMT)
commit3ed57e4995d9f8583083483f397ddc3131720953 (patch)
treecea152a7d52840c5a958db40c9f543d3fa5d0d8c /Misc
parent12f1581b0c43f40a792c188e17d2dea2357debb3 (diff)
downloadcpython-3ed57e4995d9f8583083483f397ddc3131720953.zip
cpython-3ed57e4995d9f8583083483f397ddc3131720953.tar.gz
cpython-3ed57e4995d9f8583083483f397ddc3131720953.tar.bz2
gh-61460: Stronger HMAC in multiprocessing (#20380)
bpo-17258: `multiprocessing` now supports stronger HMAC algorithms for inter-process connection authentication rather than only HMAC-MD5. Signed-off-by: Christian Heimes <christian@python.org> gpshead: I Reworked to be more robust while keeping the idea. The protocol modification idea remains, but we now take advantage of the message length as an indicator of legacy vs modern protocol version. No more regular expression usage. We now default to HMAC-SHA256, but do so in a way that will be compatible when communicating with older clients or older servers. No protocol transition period is needed. More integration tests to verify these claims remain true are required. I'm unaware of anyone depending on multiprocessing connections between different Python versions. --------- Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
Diffstat (limited to 'Misc')
-rw-r--r--Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst b/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst
new file mode 100644
index 0000000..18ebd6e
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst
@@ -0,0 +1,2 @@
+:mod:`multiprocessing` now supports stronger HMAC algorithms for inter-process
+connection authentication rather than only HMAC-MD5.