[issue29136] Add OP_NO_TLSv1_3
Benjamin Peterson
report at bugs.python.org
Mon Jan 2 16:58:01 EST 2017
Benjamin Peterson added the comment:
I think that's fine for 2.7.
On Mon, Jan 2, 2017, at 13:07, Christian Heimes wrote:
>
> New submission from Christian Heimes:
>
> OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols
> PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and
> PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In
> order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it
> with #ifdef SSL_OP_NO_TLSv1_3
>
> https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346
>
> Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be
> available any time soon. I like to add the flag *after* the upcoming
> round of releases.
>
> ----------
> assignee: christian.heimes
> components: SSL
> messages: 284504
> nosy: benjamin.peterson, christian.heimes, larry, ned.deily
> priority: normal
> severity: normal
> stage: needs patch
> status: open
> title: Add OP_NO_TLSv1_3
> type: enhancement
> versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue29136>
> _______________________________________
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29136>
_______________________________________
More information about the Python-bugs-list
mailing list