➜
This issue trackerhas been migrated toGitHub, and is currentlyread-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.
Created on2016-08-26 11:29 bychristian.heimes, last changed2022-04-11 14:58 byadmin. This issue is nowclosed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| Add-SSLContext.get_ciphers.patch | christian.heimes,2016-08-31 20:10 | |||
| Messages (9) | |||
|---|---|---|---|
| msg273703 -(view) | Author: Christian Heimes (christian.heimes)* | Date: 2016-08-26 11:29 | |
SSLContext has a set_ciphers() method but no method to get the actual list of enabled ciphers.https://github.com/tiran/cpython/tree/feature/openssl_ciphers implements get_ciphers()>>> import ssl, pprint>>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)>>> ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')>>> pprint.pprint(ctx.get_ciphers())[{'alg_bits': 256, 'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA ' 'Enc=AESGCM(256) Mac=AEAD', 'id': 50380848, 'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1/SSLv3', 'strength_bits': 256}, {'alg_bits': 128, 'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA ' 'Enc=AESGCM(128) Mac=AEAD', 'id': 50380847, 'name': 'ECDHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1/SSLv3', 'strength_bits': 128}]With OpenSSL 1.1 the dict will have more fields.Both the return value and functionality is different tohttps://docs.python.org/3/library/ssl.html#ssl.SSLSocket.shared_ciphers . | |||
| msg274113 -(view) | Author: Antoine Pitrou (pitrou)* | Date: 2016-09-01 09:33 | |
What does "kea" mean? Key exchange? | |||
| msg274115 -(view) | Author: Christian Heimes (christian.heimes)* | Date: 2016-09-01 10:21 | |
KEA stands for key exchange algorithm. | |||
| msg274443 -(view) | Author: Roundup Robot (python-dev) | Date: 2016-09-05 22:05 | |
New changesetca8d7cb55a8e by Christian Heimes in branch 'default':Issue#27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers.https://hg.python.org/cpython/rev/ca8d7cb55a8e | |||
| msg274515 -(view) | Author: Martin Panter (martin.panter)* | Date: 2016-09-06 04:32 | |
Fails on the Gentoo buildbots:http://buildbot.python.org/all/builders/x86%20Gentoo%20Non-Debug%20with%20X%203.x/builds/1368/steps/test/logs/stdio======================================================================ERROR: test_get_ciphers (test.test_ssl.ContextTests)----------------------------------------------------------------------Traceback (most recent call last): File "/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/test_ssl.py", line 840, in test_get_ciphers ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')ssl.SSLError: ('No cipher can be selected.',) | |||
| msg274540 -(view) | Author: Roundup Robot (python-dev) | Date: 2016-09-06 08:46 | |
New changeset9377ed49746b by Christian Heimes in branch 'default':Issue 27866: relax test case for set_cipher() and allow more cipher suiteshttps://hg.python.org/cpython/rev/9377ed49746b | |||
| msg274545 -(view) | Author: Roundup Robot (python-dev) | Date: 2016-09-06 09:27 | |
New changesetdad4c42869f6 by Christian Heimes in branch 'default':Issue 27866: relax get_cipher() test even more. Gentoo buildbot has no ECDHEhttps://hg.python.org/cpython/rev/dad4c42869f6 | |||
| msg274552 -(view) | Author: Christian Heimes (christian.heimes)* | Date: 2016-09-06 11:16 | |
I have relaxed the tests and stabilized the buildbots. Some Gentoo machines don't have ECDHE cipher suites enabled. | |||
| msg276011 -(view) | Author: Roundup Robot (python-dev) | Date: 2016-09-12 10:00 | |
New changeset2a1c7d0fdde6 by Victor Stinner in branch 'default':Issue#27866: Fix refleak in cipher_to_dict()https://hg.python.org/cpython/rev/2a1c7d0fdde6 | |||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:35 | admin | set | github: 72053 |
| 2016-09-12 10:00:39 | python-dev | set | messages: +msg276011 |
| 2016-09-06 12:27:20 | berker.peksag | set | status: open -> closed |
| 2016-09-06 11:16:51 | christian.heimes | set | resolution: fixed dependencies: -Make OpenSSL module compatible with OpenSSL 1.1.0 messages: +msg274552 stage: patch review -> resolved |
| 2016-09-06 09:27:35 | python-dev | set | messages: +msg274545 |
| 2016-09-06 08:46:00 | python-dev | set | messages: +msg274540 |
| 2016-09-06 04:32:51 | martin.panter | set | nosy: +martin.panter messages: +msg274515 |
| 2016-09-05 22:05:06 | python-dev | set | nosy: +python-dev messages: +msg274443 |
| 2016-09-01 10:21:35 | christian.heimes | set | messages: +msg274115 |
| 2016-09-01 09:33:46 | pitrou | set | nosy: +pitrou messages: +msg274113 |
| 2016-08-31 20:11:08 | christian.heimes | set | stage: patch review |
| 2016-08-31 20:10:58 | christian.heimes | set | files: +Add-SSLContext.get_ciphers.patch keywords: +patch dependencies: +Make OpenSSL module compatible with OpenSSL 1.1.0 |
| 2016-08-26 11:29:14 | christian.heimes | create | |