[New-bugs-announce] [issue32359] Add getters for all SSLContext internal configuration

Nathaniel Smith report at bugs.python.org
Mon Dec 18 04:41:45 EST 2017

New submission from Nathaniel Smith <njs at pobox.com>:

Suppose you're writing a library that allows users to make or accept SSL/TLS connections. You use the 'ssl' module, because that's convenient. You need to let your users configure your SSL/TLS connections, and there really isn't any generic abstract way to do that -- SSL/TLS configuration is pretty complicated -- so you let your users set up an ssl.SSLContext and pass it into your API.

Later, you hit a limit in the ssl module and want to switch to PyOpenSSL, or perhaps eventually PEP 543. No problem: just switch what you're doing internally, and use some shim code to take the ssl.SSLContext objects that your users are passing in, and convert that to whatever your new library wants.

Except... ssl.SSLContext objects are almost entirely opaque. You can't read off the ciphers, or the ALPN protocols, or the servername_callback... so you're sunk. Once you expose ssl.SSLContext in your public API, you're stuck using the ssl module forever.

It would be nice if ssl.SSLContext provided getters that let you read off all the different configuration it holds.

assignee: christian.heimes
components: SSL
messages: 308533
nosy: alex, christian.heimes, dstufft, janssen, njs
priority: normal
severity: normal
status: open
title: Add getters for all SSLContext internal configuration

Python tracker <report at bugs.python.org>
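
An added example, not part of the original report or of CPython: a sketch of what a library can read back from a user-supplied `ssl.SSLContext` on Python 3.7 or later and check before using it, next to the settings it cannot inspect. The names `readable_config`, `audit`, `READABLE` and `NO_GETTER` are illustrative assumptions, and the sample context is constructed.

```python
import ssl

# Attributes that ssl.SSLContext lets callers read back (Python 3.7+).
READABLE = ("protocol", "verify_mode", "check_hostname",
            "options", "verify_flags", "minimum_version")

# Configuration applied through these methods has no matching getter in the
# stock ssl module (assumption of this example), so a shim cannot copy it
# to another TLS library.
NO_GETTER = ("set_alpn_protocols", "load_cert_chain",
             "load_dh_params", "set_ecdh_curve")


def readable_config(ctx):
    """Return the settings that can be read off an SSLContext."""
    cfg = {name: getattr(ctx, name) for name in READABLE}
    cfg["ciphers"] = [c["name"] for c in ctx.get_ciphers()]
    cfg["ca_certs_loaded"] = ctx.cert_store_stats()["x509_ca"]
    return cfg


def audit(ctx):
    """List weak settings among the readable ones (client-side policy)."""
    cfg = readable_config(ctx)
    findings = []
    if cfg["verify_mode"] != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    if not cfg["check_hostname"]:
        findings.append("hostname checking is disabled")
    if cfg["minimum_version"] < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    # Constructed sample: a context a caller might hand to the library.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2"])  # applied, but cannot be read back
    for finding in audit(ctx):
        print("finding:", finding)
    print("not inspectable:", ", ".join(NO_GETTER))
```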
