[Security-sig] Unified TLS API for Python
Cory Benfield
cory at lukasa.co.uk
Thu Jan 12 07:44:34 EST 2017
> On 12 Jan 2017, at 12:37, Nick Coghlan <ncoghlan at gmail.com> wrote:
>
> For "Enums" where I genuinely don't care about the values, I'll
> typically set them to the string that matches the attribute name:
>
> ```
> class TLSVersion(Enum):
> SSLv2 = "SSLv2"
> MINIMUM_SUPPORTED = SSLv2
> SSLv3 = "SSLv3"
> TLSv1= "TLSv1"
> TLSv1_1 = "TLSv1_1"
> TLSv1_2 = "TLSv1_2"
> TLSv1_3 = "TLSv1_3"
> MAXIMUM_SUPPORTED = TLSv1_3
> ```
>
> That way folks get sensible answers regardless of whether they
> reference the enum entry name or its value, or render it directly with
> repr() or str():
>
>>>> TLSVersion.MINIMUM_SUPPORTED
> <TLSVersion.SSLv2: 'SSLv2'>
>>>> TLSVersion.MAXIMUM_SUPPORTED
> <TLSVersion.TLSv1_3: 'TLSv1_3'>
>>>> str(TLSVersion.MAXIMUM_SUPPORTED)
> 'TLSVersion.TLSv1_3'
>>>> TLSVersion.MAXIMUM_SUPPORTED.name
> 'TLSv1_3'
>>>> TLSVersion.MAXIMUM_SUPPORTED.value
> 'TLSv1_3'
We can do that.
I should note that MINIMUM_SUPPORTED and MAXIMUM_SUPPORTED are not intended to be equal to SSLv2 and TLSv1_3, or indeed to any other value in this enum. They are future-proofing tools that allow users to say “I want TLSv1 *or higher*” without setting an upper bound on what “higher” means.
Cory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/security-sig/attachments/20170112/2b278212/attachment-0001.html>
More information about the Security-SIG
mailing list