[New-bugs-announce] [issue33570] OpenSSL 1.1.1 / TLS 1.3 cipher suite changes
Christian Heimes
report at bugs.python.org
Fri May 18 09:00:38 EDT 2018
New submission from Christian Heimes <lists at cheimes.de>:
The definition and configuration of TLS 1.3 cipher suites has changed during the development phase of OpenSSL 1.1.1. The cipher suites are no longer prefixed with "TLS13-". TLS 1.3 are always enabled and can no longer be disabled with SSLContext.set_ciphers() / SSL_CTX_set_cipher_list(). Instead the suites are now configured with SSL_CTX_set_ciphersuites(). See https://github.com/openssl/openssl/pull/5392
For now I'm not going to expose the new API. Instead I'll update the documentation and tests for 2.7 to 3.8 with new names. I'll also mention that TLS 1.3 suites will be always available with OpenSSL 1.1.1.
----------
assignee: christian.heimes
components: SSL
messages: 317027
nosy: alex, benjamin.peterson, christian.heimes, dstufft, janssen, ned.deily
priority: high
severity: normal
stage: test needed
status: open
title: OpenSSL 1.1.1 / TLS 1.3 cipher suite changes
type: behavior
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33570>
_______________________________________
More information about the New-bugs-announce
mailing list