[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Victor Stinner victor.stinner at gmail.com
Wed Jun 7 09:29:19 EDT 2017

2017-06-07 10:56 GMT+02:00 Nathaniel Smith <njs at pobox.com>:
> Another testing challenge is that the stdlib ssl module has no way to
> trigger a renegotiation, and therefore there's no way to write tests
> to check that it properly handles a renegotiation, even though
> renegotiation is by far the trickiest part of the protocol to get
> right. (In particular, renegotiation is the only case where attempting
> to read can give WantWrite and vice-versa.)

Renegociation was the source of a vulnerability in SSL/TLS protocols,
so maybe it's a good thing that it's not implemented :-)

Renegociation was removed from the new TLS 1.3 protocol:
"TLS 1.3 forbids renegotiation"


More information about the Python-Dev mailing list