homepage

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: ALPN support for TLS
Type: enhancement Stage: resolved
Components: Extension Modules Versions: Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: benjamin.peterson Nosy List: Arfrever, Dima.Tisnek, Lukasa, alex, benjamin.peterson, christian.heimes, giampaolo.rodola, janssen, jcea, mnot, ned.deily, pitrou, python-dev, vstinner
Priority: normal Keywords: patch

Created on 2014年01月08日 03:52 by mnot, last changed 2022年04月11日 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
alpn.patch benjamin.peterson, 2015年01月23日 20:32 review
alpn.patch benjamin.peterson, 2015年01月23日 20:46 review
alpn.patch benjamin.peterson, 2015年01月23日 21:07 review
Messages (15)
msg207660 - (view) Author: Mark Nottingham (mnot) Date: 2014年01月08日 03:52 
In #14204, support for NPN was added. Subsequently, NPN has been superseded by ALPN in the IETF, and support for it is coming in OpenSSL 1.0.2.
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg
http://rt.openssl.org/Ticket/Display.html?id=3073
http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=NEWS
msg223998 - (view) Author: Mark Nottingham (mnot) Date: 2014年07月25日 20:38 
HTTP/2 requires ALPN, BTW.
msg226479 - (view) Author: Cory Benfield (Lukasa) * Date: 2014年09月06日 09:18 
Updating to mention a concern with ALPN implementation. HTTP/2 requires that a cipher with AEAD be negotiated. However, it also allows for offering a wider range of cipher suites: if an AEAD cipher is not present, this will allow fallback to HTTP/1.1.
There's some interplay between ALPN and cipher selection here. We'll want to ensure that either ALPN negotiation can inform cipher selection or vice-versa, or writing a Python HTTP/2 server will get tricky fast.
msg234503 - (view) Author: Cory Benfield (Lukasa) * Date: 2015年01月22日 17:12 
Updating to note that OpenSSL 1.0.2 has been released[0], which makes this feature supportable.
[0]: https://mta.openssl.org/pipermail/openssl-announce/2015-January/000019.html
msg234523 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2015年01月22日 22:57 
Thanks. Now it needs someone to submit a patch.
msg234577 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2015年01月23日 20:32 
Here you are.
msg234578 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2015年01月23日 20:33 
Why is that "3.4.3"?
msg234579 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2015年01月23日 20:36 
On Fri, Jan 23, 2015, at 15:33, Antoine Pitrou wrote:
> 
> Antoine Pitrou added the comment:
> 
> Why is that "3.4.3"?
I wrote the patch on the 3.4 branch.
msg234580 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2015年01月23日 20:36 
Well, sure, but that means you plan to make it available in 3.4.3? Why is that?
msg234582 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2015年01月23日 20:39 
On Fri, Jan 23, 2015, at 15:36, Antoine Pitrou wrote:
> 
> Antoine Pitrou added the comment:
> 
> Well, sure, but that means you plan to make it available in 3.4.3? Why is
> that?
No, I'll apply it to 3.5.
msg234583 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2015年01月23日 20:46 
Here's the fixed 3.5 patch.
msg234584 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2015年01月23日 21:07 
update after review comments
msg234586 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015年01月23日 21:43 
New changeset be9fe0c66075 by Benjamin Peterson in branch 'default':
add support for ALPN (closes #20188)
https://hg.python.org/cpython/rev/be9fe0c66075
New changeset 7ce67d3f0908 by Benjamin Peterson in branch '2.7':
pep 466 backport of alpn (#20188)
https://hg.python.org/cpython/rev/7ce67d3f0908
msg234816 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015年01月27日 10:16 
_ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue #23329.
msg234872 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2015年01月28日 04:22 
_ssl.c cannot be compiled with pre-NPN versions of OpenSSL: see Issue23335.
History
Date User Action Args
2022年04月11日 14:57:56adminsetgithub: 64387
2015年01月28日 04:22:36ned.deilysetnosy: + ned.deily
messages: + msg234872
2015年01月27日 10:16:13vstinnersetnosy: + vstinner
messages: + msg234816
2015年01月25日 17:22:01Arfreversetnosy: + Arfrever

versions: + Python 2.7
2015年01月23日 21:43:03python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg234586

resolution: fixed
stage: commit review -> resolved
2015年01月23日 21:33:58pitrousetassignee: benjamin.peterson
stage: patch review -> commit review
2015年01月23日 21:07:56benjamin.petersonsetfiles: + alpn.patch

messages: + msg234584
2015年01月23日 20:46:48benjamin.petersonsetfiles: + alpn.patch

messages: + msg234583
2015年01月23日 20:39:47benjamin.petersonsetmessages: + msg234582
2015年01月23日 20:36:57pitrousetmessages: + msg234580
2015年01月23日 20:36:09benjamin.petersonsetmessages: + msg234579
2015年01月23日 20:33:46pitrousetmessages: + msg234578
2015年01月23日 20:32:08benjamin.petersonsetfiles: + alpn.patch

nosy: + benjamin.peterson
messages: + msg234577

keywords: + patch
stage: needs patch -> patch review
2015年01月22日 22:57:28pitrousetmessages: + msg234523
stage: needs patch
2015年01月22日 17:12:34Lukasasetmessages: + msg234503
2014年09月06日 09:18:54Lukasasetmessages: + msg226479
2014年07月25日 20:38:35mnotsetmessages: + msg223998
2014年06月05日 23:14:29alexsetnosy: + alex
2014年06月05日 09:36:52Dima.Tisneksetnosy: + Dima.Tisnek
2014年04月28日 09:48:24Lukasasetnosy: + Lukasa
2014年01月08日 20:33:44jceasetnosy: + jcea
2014年01月08日 11:16:39pitrousetnosy: + janssen, pitrou, giampaolo.rodola, christian.heimes

versions: - Python 3.1, Python 2.7, Python 3.2, Python 3.3, Python 3.4
2014年01月08日 03:52:59mnotcreate

AltStyle によって変換されたページ (->オリジナル) /