[Security-sig] Unified TLS API for Python

Cory Benfield cory at lukasa.co.uk
Thu Jan 12 07:44:34 EST 2017


> On 12 Jan 2017, at 12:37, Nick Coghlan <ncoghlan at gmail.com> wrote:
> 
> For "Enums" where I genuinely don't care about the values, I'll
> typically set them to the string that matches the attribute name:
> 
> ```
> from enum import Enum
> 
> class TLSVersion(Enum):
>     SSLv2 = "SSLv2"
>     MINIMUM_SUPPORTED = SSLv2
>     SSLv3 = "SSLv3"
>     TLSv1 = "TLSv1"
>     TLSv1_1 = "TLSv1_1"
>     TLSv1_2 = "TLSv1_2"
>     TLSv1_3 = "TLSv1_3"
>     MAXIMUM_SUPPORTED = TLSv1_3
> ```
> 
> That way folks get sensible answers regardless of whether they
> reference the enum entry name or its value, or render it directly with
> repr() or str():
> 
> ```
> >>> TLSVersion.MINIMUM_SUPPORTED
> <TLSVersion.SSLv2: 'SSLv2'>
> >>> TLSVersion.MAXIMUM_SUPPORTED
> <TLSVersion.TLSv1_3: 'TLSv1_3'>
> >>> str(TLSVersion.MAXIMUM_SUPPORTED)
> 'TLSVersion.TLSv1_3'
> >>> TLSVersion.MAXIMUM_SUPPORTED.name
> 'TLSv1_3'
> >>> TLSVersion.MAXIMUM_SUPPORTED.value
> 'TLSv1_3'
> ```

We can do that.

I should note that MINIMUM_SUPPORTED and MAXIMUM_SUPPORTED are not intended to be equal to SSLv2 and TLSv1_3, or indeed to any other value in this enum. They are future-proofing tools that allow users to say “I want TLSv1 *or higher*” without setting an upper bound on what “higher” means.

Cory
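
The distinction drawn in the reply above, as an added example that is not part of the original message or of any proposed API: reusing a value inside an `Enum` makes the bound an alias of a concrete version, while a bound with its own value stays open-ended and is resolved per backend. `AliasedTLSVersion`, `PROTOCOL_ORDER`, `resolve_bound`, `negotiable_versions` and the two backend sets are hypothetical names constructed for illustration.

```python
from enum import Enum

class AliasedTLSVersion(Enum):
    # Shape from the quoted message (shortened): reusing a value makes an alias.
    TLSv1 = "TLSv1"
    TLSv1_2 = "TLSv1_2"
    TLSv1_3 = "TLSv1_3"
    MAXIMUM_SUPPORTED = TLSv1_3

class TLSVersion(Enum):
    # Assumed alternative: the bounds get values of their own, so they are
    # distinct members rather than aliases of a concrete version.
    MINIMUM_SUPPORTED = "MINIMUM_SUPPORTED"
    SSLv2 = "SSLv2"
    SSLv3 = "SSLv3"
    TLSv1 = "TLSv1"
    TLSv1_1 = "TLSv1_1"
    TLSv1_2 = "TLSv1_2"
    TLSv1_3 = "TLSv1_3"
    MAXIMUM_SUPPORTED = "MAXIMUM_SUPPORTED"

# Concrete versions, oldest first; the sentinels are deliberately absent.
PROTOCOL_ORDER = [TLSVersion.SSLv2, TLSVersion.SSLv3, TLSVersion.TLSv1,
                  TLSVersion.TLSv1_1, TLSVersion.TLSv1_2, TLSVersion.TLSv1_3]

def resolve_bound(bound, available):
    """Map a sentinel to the backend's oldest/newest version (hypothetical helper)."""
    if bound is TLSVersion.MINIMUM_SUPPORTED:
        return available[0]
    if bound is TLSVersion.MAXIMUM_SUPPORTED:
        return available[-1]
    return bound

def negotiable_versions(lowest, highest, backend_supports):
    """Versions a backend may negotiate for the range [lowest, highest]."""
    available = [v for v in PROTOCOL_ORDER if v in backend_supports]
    if not available:
        raise ValueError("backend supports no known protocol version")
    lo = PROTOCOL_ORDER.index(resolve_bound(lowest, available))
    hi = PROTOCOL_ORDER.index(resolve_bound(highest, available))
    return [v for v in available if lo <= PROTOCOL_ORDER.index(v) <= hi]

# Constructed backends: one predates TLSv1_3, one includes it.
OLDER_BACKEND = {TLSVersion.TLSv1, TLSVersion.TLSv1_1, TLSVersion.TLSv1_2}
NEWER_BACKEND = OLDER_BACKEND | {TLSVersion.TLSv1_3}

if __name__ == "__main__":
    print(AliasedTLSVersion.MAXIMUM_SUPPORTED is AliasedTLSVersion.TLSv1_3)
    for backend in (OLDER_BACKEND, NEWER_BACKEND):
        print([v.name for v in negotiable_versions(
            TLSVersion.TLSv1, TLSVersion.MAXIMUM_SUPPORTED, backend)])
```

The same stored policy `(TLSv1, MAXIMUM_SUPPORTED)` yields a different top version on each backend, which the aliased form cannot express because it is indistinguishable from an explicit `TLSv1_3` pin.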