granicus.if.org Git - python/commit

author	Christian Heimes <christian@python.org>
	Fri, 8 Sep 2017 05:31:17 +0000 (22:31 -0700)
committer	GitHub <noreply@github.com>
	Fri, 8 Sep 2017 05:31:17 +0000 (22:31 -0700)
commit	b9a860f3bf80b0d4a6c25d0f2f6ef849d9bf3594
tree	ea012beedf1483b15929c0ae45a643b356979b37	tree \| snapshot
parent	7dcea4c8769e4f12197646922f399a699c3e2a5a	commit \| diff

[2.7] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) (#3446)

* bpo-29136: Add TLS 1.3 support

TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.

Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.

Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit cb5b68abdeb1b1d56c581d5b4d647018703d61e3)

Doc/library/ssl.rst		diff \| blob \| history
Lib/ssl.py		diff \| blob \| history
Lib/test/test_ssl.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst	[new file with mode: 0644]	blob
Modules/_ssl.c		diff \| blob \| history