[issue43902] ssl module: add getter for SSL_CTX* and SSL*
Hans-Christoph Steiner
report at bugs.python.org
Sun Mar 20 10:22:54 EDT 2022
Hans-Christoph Steiner <hans at eds.org> added the comment:
This general idea sounds nice to have, I hope it can be included. `ctx._call_with_ctypes("SSL_CTX_set_ciphersuites"...` also sounds totally workable to me, if that has the best security profile.
Defense in depth is important, but it is not a reason to prevent key functionality from landing. For example, "export_keying_material" is an RFC and widely implemented (Go crypto/tls, Rustls, Conscrypt, Node.js, BoringSSL, OpenSSL, BouncyCastle, etc.; see links here: https://github.com/python/cpython/pull/25255#issuecomment-1073256270). It is used in IETF protocols like SRTP and NTS.
Perhaps that could be a concrete use case here for thinking about the security profile?
----------
nosy: +eighthave
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43902>
_______________________________________