summaryrefslogtreecommitdiffstats
path: root/Lib/ssl.py
Commit message (Collapse)AuthorAgeFilesLines
...
* bpo-28182: Expose OpenSSL verification results (#3412)Christian Heimes2017-09-081-1/+1
| | | | | | | | | The SSL module now raises SSLCertVerificationError when OpenSSL fails to verify the peer's certificate. The exception contains more information about the error. Original patch by Chi Hsuan Yen Signed-off-by: Christian Heimes <christian@python.org>
* bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)Christian Heimes2017-09-081-1/+7
| | | | | | | | | | | | | | | | * bpo-29136: Add TLS 1.3 support TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites. Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-27340: Use memoryview in SSLSocket.sendall() (#3384)Christian Heimes2017-09-071-4/+5
| | | | | | | | | | | | | | * bpo-27340: Use memoryview in SSLSocket.sendall() SSLSocket.sendall() now uses memoryview to create slices of data. This fix support for all bytes-like object. It is also more efficient and avoids costly copies. Signed-off-by: Christian Heimes <christian@python.org> * Cast view to bytes, fix typo Signed-off-by: Christian Heimes <christian@python.org>
* Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-0/+2
|
* Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-12/+53
|
* Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-1/+0
| | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
* Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-24/+6
| | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.Christian Heimes2016-09-091-19/+61
|
* Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-15/+21
|\ | | | | | | ChaCha20 Poly1305.
| * Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-15/+21
| | | | | | | | ChaCha20 Poly1305.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-8/+10
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-8/+10
| |
* | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵Steve Dower2016-05-261-5/+9
|\ \ | |/ | | | | PermissionError
| * Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵Steve Dower2016-05-261-5/+9
| | | | | | | | PermissionError
* | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv PalivodaMartin Panter2016-04-031-1/+0
|/
* Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-3/+3
|
* Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store ↵Steve Dower2016-03-171-1/+2
| | | | is empty. Patch by Baji.
* issue23673Ethan Furman2015-03-191-4/+4
| | | | | | | | | add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method
* merge 3.4Benjamin Peterson2015-03-051-2/+1
|\
| * use _import_symbols to import VERIFY_* constantsBenjamin Peterson2015-03-051-2/+1
| |
* | merge 3.4 (#23481)Benjamin Peterson2015-02-191-4/+2
|\ \ | |/
| * remove rc4 from the default client ciphers (closes #23481)Benjamin Peterson2015-02-191-4/+2
| |
| * Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2015-01-061-1/+6
| | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
| * Issue #20896, #22935: The ssl.get_server_certificate() function now uses theVictor Stinner2015-01-061-1/+1
| | | | | | | | | | | | ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled.
| * Issue #22935: Fix ssl module when SSLv3 protocol is not supportedVictor Stinner2014-12-121-6/+2
| |
* | Issue #23239: ssl.match_hostname() now supports matching of IP addresses.Antoine Pitrou2015-02-151-1/+22
| |
* | add support for ALPN (closes #20188)Benjamin Peterson2015-01-231-1/+26
| |
* | remove extra definite articleBenjamin Peterson2015-01-111-2/+2
| |
* | explain None can be returnedBenjamin Peterson2015-01-071-1/+3
| |
* | expose the client's cipher suites from the handshake (closes #23186)Benjamin Peterson2015-01-071-0/+10
| |
* | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2014-11-281-1/+6
| | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
* | merge 3.4 (#22921)Benjamin Peterson2014-11-231-6/+1
|\ \ | |/
| * don't require OpenSSL SNI to pass hostname to ssl functions (#22921)Benjamin Peterson2014-11-231-6/+1
| | | | | | | | Patch by Donald Stufft.
| * Issue #22638: SSLv3 is now disabled throughout the standard library.Antoine Pitrou2014-10-171-0/+3
| | | | | | | | It can still be enabled by instantiating a SSLContext manually.
* | merge 3.4 (#22417)Benjamin Peterson2014-11-031-2/+8
|\ \ | |/
| * PEP 476: enable HTTPS certificate verification by default (#22417)Benjamin Peterson2014-11-031-2/+9
| | | | | | | | Patch by Alex Gaynor with some modifications by me.
* | Issue #22186: Fix typos in Lib/.Berker Peksag2014-10-191-1/+1
|\ \ | |/ | | | | Patch by Févry Thibault.
| * Issue #22186: Fix typos in Lib/.Berker Peksag2014-10-191-1/+1
| | | | | | | | Patch by Févry Thibault.
* | Issue #22638: SSLv3 is now disabled throughout the standard library.Antoine Pitrou2014-10-171-0/+3
| | | | | | | | It can still be enabled by instantiating a SSLContext manually.
* | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965)Antoine Pitrou2014-10-051-1/+1
| |
* | Issue #21965: Add support for in-memory SSL to the ssl module.Antoine Pitrou2014-10-051-24/+139
| | | | | | | | Patch by Geert Jansen.
* | merge 3.4 (#22449)Benjamin Peterson2014-10-031-2/+1
|\ \ | |/
| * also use openssl envvars to find certs on windows (closes #22449)Benjamin Peterson2014-10-031-2/+1
| | | | | | | | Patch by Christian Heimes and Alex Gaynor.
* | Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵Antoine Pitrou2014-09-041-0/+9
| | | | | | | | protocol version in use.
* | fix issue #17552: add socket.sendfile() method allowing to send a file over ↵Giampaolo Rodola'2014-06-111-0/+10
| | | | | | | | a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'·
* | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵Antoine Pitrou2014-04-291-11/+1
| | | | | | | | | | | | SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath.
* | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time ↵Antoine Pitrou2014-04-281-5/+27
| | | | | | | | | | | | string in the UTC timezone (as specified in RFC 5280), not the local timezone. Patch by Akira.
* | Issue #21068: The ssl.PROTOCOL* constants are now enum members.Antoine Pitrou2014-04-181-19/+8
| |
* | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not ↵Antoine Pitrou2014-04-161-1/+1
|/ | | | PROTOCOL_SSLv3, for maximum compatibility.
* Issue #21013: Enhance ssl.create_default_context() for server side contextsDonald Stufft2014-03-231-6/+24
| | | | | | | | | | | | | | | | | | | | Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
generated by cgit v0.12 at 2025-03-30 03:13:22 (GMT)