[issue31892] ssl.get_server_certificate should allow specifying certificate / key type

Christian Heimes report at bugs.python.org
Wed Nov 1 09:19:31 EDT 2017


Christian Heimes <lists at cheimes.de> added the comment:

Thanks for your feature request, Hanno.

It's fairly easy to implement with the current API for TLS protocols up to TLS 1.2, e.g. cipher suite "DEFAULT:!aRSA:!aDSS" or "aECDSA:!NULL" for ECDSA certs.

However, TLS 1.3 cipher suites no longer specify authentication and KE/KX algorithms, e.g. TLS13-AES-256-GCM-SHA384. I have to find a way to force OpenSSL's state machine to establish a connection with a specific authentication algorithm.

Memo to me: TLS 1.3 also has EdDSA.

----------
nosy: +alex, dstufft, janssen
versions: +Python 2.7, Python 3.6, Python 3.7

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31892>
_______________________________________
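
The TLS 1.2 approach described in the comment above, as an added example that is not part of the original message or of CPython's code: it caps the handshake at TLS 1.2 and uses the "aECDSA:!NULL" cipher string to request an ECDSA certificate. The names `CIPHERS_BY_CERT_TYPE`, `context_for_cert_type`, `tls12_suites` and `fetch_certificate`, and the "aRSA:!NULL" entry, are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL cipher strings keyed by certificate type. "aECDSA:!NULL" is the
# string from the comment; the "rsa" entry is an assumption added here.
CIPHERS_BY_CERT_TYPE = {
    "ecdsa": "aECDSA:!NULL",
    "rsa": "aRSA:!NULL",
}


def context_for_cert_type(cert_type):
    """Client context that only offers suites authenticating with cert_type."""
    try:
        ciphers = CIPHERS_BY_CERT_TYPE[cert_type]
    except KeyError:
        raise ValueError(f"unsupported certificate type: {cert_type!r}") from None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Like ssl.get_server_certificate() without ca_certs, this only fetches
    # the certificate and does not validate it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # TLS 1.3 suites do not encode the authentication algorithm, so the
    # cipher string can only steer the handshake up to TLS 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    return ctx


def tls12_suites(ctx):
    """Names of the enabled suites that set_ciphers() controls (pre-TLS 1.3)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def fetch_certificate(host, port=443, cert_type="ecdsa", timeout=10):
    """Return the server's certificate of the requested type as PEM."""
    ctx = context_for_cert_type(cert_type)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
```

If the server has no certificate of the requested type, the handshake fails with `ssl.SSLError` rather than falling back to another type.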

