On Thu, 16 Apr 2020 05:07:15 +1000 Chris Angelico email@example.com wrote:
On Thu, Apr 16, 2020 at 4:55 AM Ander Juaristi firstname.lastname@example.org wrote:
TLS session resumption is currently supported, but only within the same process. To the best of my knowledge, there is no way to save the TLS session to a file to resume the TLS session later on. Please tell me how this is done if I'm wrong.
Not a Python SSL expert, but have you tried pickling the session object?
If that doesn't work, then I would say that adding pickle support (using the semantics you describe) would be the cleanest way to do this.
Not sure pickling is the right answer here. The problem is, if someone is pickling an arbitrary application object, and that object happens to have a TLS session somewhere as an attribute (perhaps indirectly), the TLS session's secrets will be persisted without the developer noticing.
Forcing serialization to go through an explicit step (such as the to_der() method that's been proposed) sounds much better to ensure that serialization of secrets only happens deliberately, not accidentally.
Ander: personally, I would be +1 on the proposed improvement, but someone needs to submit a PR (and of course it has to be reviewed then :-)).