[New-bugs-announce] [issue18735] SSL/TLS pinning for the ssl module
raymontag
report at bugs.python.org
Wed Aug 14 13:21:30 CEST 2013
New submission from raymontag:
Hello,
I would like to see an implementation for SSL/TLS pinning in the sll module of the standard library.
At this moment it's only possible to give the client a CAcert and check if the server's certificate is signed with this CA by creating a ssl.Context object with ssl.Context("/path/to/cafile"). If I don't know the server's certificate, that is I just have the root certificate, this is okay. But if I implement my own server/client structure I know the server's certificate. And here comes pinning into play: If I know server's certificate I could not only check if it's signed with my CA but also if it is the specific certificate I've signed. This is a better protection against MITM e.g. and would be a great enhancement of the ssl module IMHO.
raymontag
----------
messages: 195130
nosy: raymontag
priority: normal
severity: normal
status: open
title: SSL/TLS pinning for the ssl module
type: enhancement
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18735>
_______________________________________
More information about the New-bugs-announce
mailing list