[New-bugs-announce] [issue29136] Add OP_NO_TLSv1_3
Christian Heimes
report at bugs.python.org
Mon Jan 2 16:07:24 EST 2017
New submission from Christian Heimes:
OpenSSL 1.1.1 is going to provide TLS 1.3. The preferred protocols PROTOCOL_TLS (old name PROTOCOL_SSLv23), PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER are going to have TLS 1.3 enabled by default. In order to disable TLS 1.3, let's add OP_NO_TLSv1_3 to _ssl.c and guard it with #ifdef SSL_OP_NO_TLSv1_3
https://github.com/openssl/openssl/blob/d2e491f225d465b11f18a466bf399d4a899cb50e/include/openssl/ssl.h#L346
Benjamin, Larry, Ned, are you ok with a new flag? OpenSSL 1.1.1 won't be available any time soon. I like to add the flag *after* the upcoming round of releases.
----------
assignee: christian.heimes
components: SSL
messages: 284504
nosy: benjamin.peterson, christian.heimes, larry, ned.deily
priority: normal
severity: normal
stage: needs patch
status: open
title: Add OP_NO_TLSv1_3
type: enhancement
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29136>
_______________________________________
More information about the New-bugs-announce
mailing list