[New-bugs-announce] [issue37440] httplib should enable post-handshake authentication for TLS 1.3

Christian Heimes report at bugs.python.org
Fri Jun 28 10:29:05 EDT 2019


New submission from Christian Heimes <lists at cheimes.de>:

httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example, Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client.

Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of the PHA extension breaks backwards compatibility.

----------
assignee: christian.heimes
components: Library (Lib), SSL
messages: 346820
nosy: alex, christian.heimes, dstufft, janssen, ned.deily
priority: deferred blocker
severity: normal
status: open
title: httplib should enable post-handshake authentication for TLS 1.3
type: behavior
versions: Python 2.7, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37440>
_______________________________________
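
An added example, not part of the original report or of CPython's own code: one way for a caller to opt in to post-handshake authentication explicitly by handing http.client a context that has SSLContext.post_handshake_auth set. It assumes an ssl module that exposes that attribute; the helper names and the host example.invalid are hypothetical.

```python
import http.client
import ssl


def pha_client_context(certfile=None, keyfile=None):
    """Client context that advertises the TLS 1.3 post_handshake_auth extension."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if certfile:
        # Certificate the server may request after the initial handshake,
        # e.g. when a protected path or request method is hit.
        ctx.load_cert_chain(certfile, keyfile)
    # The attribute is None when the ssl module lacks TLS 1.3 support; it
    # cannot be set then, and the connection negotiates TLS 1.2 or lower.
    if ctx.post_handshake_auth is not None:
        ctx.post_handshake_auth = True
    return ctx


def open_connection(host, certfile=None, keyfile=None, port=443):
    """Build (without connecting) an HTTPSConnection that uses the PHA context."""
    ctx = pha_client_context(certfile, keyfile)
    return http.client.HTTPSConnection(host, port, context=ctx)


if __name__ == "__main__":
    # A stock client context leaves PHA off, so a TLS 1.3 server cannot ask
    # for a client certificate once the handshake has completed.
    print("default context PHA:", ssl.create_default_context().post_handshake_auth)
    print("opt-in context PHA: ", pha_client_context().post_handshake_auth)
    conn = open_connection("example.invalid")  # constructed only, no network I/O
    print("connection target:", conn.host, conn.port)
```

The flag has to be set before the handshake, because the extension is sent in the ClientHello.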

