[issue32257] Support Disabling Renegotiation for SSLContext
Christian Heimes
report at bugs.python.org
Mon Feb 26 03:17:59 EST 2018
Christian Heimes <lists at cheimes.de> added the comment:
The OP_NO_RENEGOTIATION option prevents renegotiation in TLS 1.2 and lower. Renegotiation is a problematic TLS feature that has led to security issues like CVE-2009-3555. TLS 1.3 has removed renegotiation completely in favor of much more reliable and simpler rekeying.
PR5904 just adds the constant to the list of options and documents it. I didn't add it earlier because it wasn't available in the OpenSSL 1.1.0 branch until now. The next upcoming release of 1.1.0 will have it.
----------
nosy: +ned.deily
priority: high -> deferred blocker
versions: +Python 3.8 -Python 2.7, Python 3.6
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32257>
_______________________________________
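As an added illustration of the option discussed in the comment above (not code from the tracker issue, PR5904 or CPython itself), the sketch below sets `ssl.OP_NO_RENEGOTIATION` on a server context and audits the result. The function names are hypothetical. The TLS 1.3-only fallback for builds that lack the constant is an assumption of this example, based on the comment's point that TLS 1.3 has no renegotiation.

```python
import ssl


def renegotiation_status(ctx):
    """Report how (or whether) renegotiation is blocked on an SSLContext."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if flag is not None and ctx.options & flag:
        return "OP_NO_RENEGOTIATION"
    # TLS 1.3 removed renegotiation, so a TLS 1.3-only context is also safe.
    tls13 = getattr(getattr(ssl, "TLSVersion", None), "TLSv1_3", None)
    if tls13 is not None and ctx.minimum_version >= tls13:
        return "TLSv1.3-only"
    return "allowed"


def disable_renegotiation(ctx):
    """Block renegotiation on ctx and return the resulting status string."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if flag is not None:
        # Constant is present: this build's OpenSSL supports the option.
        ctx.options |= flag
    elif getattr(ssl, "HAS_TLSv1_3", False):
        # Fallback chosen for this example: refuse TLS 1.2 and lower.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return renegotiation_status(ctx)


def make_server_context():
    """Build a server-side context that fails closed if renegotiation stays on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if disable_renegotiation(ctx) == "allowed":
        raise RuntimeError("this ssl build cannot disable renegotiation")
    return ctx


if __name__ == "__main__":
    context = make_server_context()
    print("renegotiation:", renegotiation_status(context))
```

A certificate still has to be loaded with `load_cert_chain()` before the context can accept connections.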