[Security-sig] Unified TLS API for Python: Draft 3

Wes Turner wes.turner at gmail.com
Fri Jan 27 10:30:00 EST 2017


On Fri, Jan 27, 2017 at 3:10 AM, Cory Benfield <cory at lukasa.co.uk> wrote:

>
> On 26 Jan 2017, at 21:17, Donald Stufft <donald at stufft.io> wrote:
>
>
> On Jan 26, 2017, at 4:18 AM, Cory Benfield <cory at lukasa.co.uk> wrote:
>
> For this reason I’m inclined to lean towards the more verbose approach of
> just writing down what all of the cipher suites are in an enum. That way,
> it gets much easier to validate what’s going on. There’s still no
> requirement to actually support them all: an implementation is allowed to
> quietly ignore any cipher suites it doesn’t support. But that can no longer
> happen due to typos, because typos now cause AttributeErrors at runtime in
> a way that is very obvious and clear.
>
>
>
> I’d say additionally that given the verbose approach a third party library
> could provide this OpenSSL like API and be responsible for “compiling” it
> down to the actual list of ciphers for input into the verbose API. If one
> of those got popular and seemed stable enough to add it, we could always
> add it in later as a higher level API for cipher selection without the
> backends needing to change anything since the output of such a function
> would still be a list of all of the desired ciphers which would be the
> input to the backends.
>
>
> Yup, strongly agreed.
>

https://github.com/tiran/tlsdb/blob/master/tlsdb.py

- [ ] ENH: tlsdb.py: add parsers/datasources for {SChannel, SecureTransport}

  - [x] openssl-master
  - [x] openssl-1.02
  - [x] gnutls-master
  - [x] nss-tip
  - [x] mod_nss-master
  - [x] **iana**
  - [x] mozilla-server-side
  - [ ] SChannel
  - [ ] SecureTransport

- [ ] ENH: tlsdb.py: add OpenSSL-workalike lookup method
- [ ] BLD: tls.config.__: generate Enums?


>
> Cory
>
>
>
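
An added sketch of the design discussed in this thread (not code from the thread, the draft API, or tlsdb): cipher suites as an enum, plus a separate helper that "compiles" a short selector string down to an explicit list for the backend. `compile_ciphers`, `backend_configure` and the toy token grammar are hypothetical; the enum values are the IANA code points for the few suites listed.

```python
from enum import IntEnum


class CipherSuite(IntEnum):
    # IANA-registered code points; only a small subset is listed here.
    TLS_RSA_WITH_RC4_128_SHA = 0x0005
    TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
    TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8


def _matches(suite, token):
    # A token selects every suite whose name contains it as a "_"-separated part.
    return token in suite.name.split("_")


def compile_ciphers(spec):
    """Hypothetical third-party helper: 'ECDHE:!CHACHA20' -> explicit suite list.

    Tokens are ':'-separated and '!' excludes. This is a toy grammar, not OpenSSL's.
    A token that matches nothing is an error, so typos cannot pass silently.
    """
    selected, excluded = [], set()
    for raw in spec.split(":"):
        negate, token = raw.startswith("!"), raw.lstrip("!")
        hits = [s for s in CipherSuite if _matches(s, token)]
        if not hits:
            raise ValueError(f"unknown cipher token: {raw!r}")
        if negate:
            excluded.update(hits)
        else:
            selected.extend(s for s in hits if s not in selected)
    return [s for s in selected if s not in excluded]


def backend_configure(requested, backend_supports):
    # A backend may quietly drop suites it does not implement, but it only ever
    # receives enum members, never free-form strings.
    return [s for s in requested if s in backend_supports]
```

A misspelled member such as `CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA265` raises `AttributeError` at the point of use, while an unsupported but correctly named suite is simply filtered out by the backend.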