Issue 27866: ssl: get list of enabled ciphers

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/72053

classification

Title:	ssl: get list of enabled ciphers
Type:	enhancement	Stage:	resolved
Components:	Library (Lib)	Versions:	Python 3.6

process

Dependencies:	Superseder:
Status:	closed	Resolution:	fixed
Assigned To:	Nosy List:	alex, christian.heimes, dstufft, giampaolo.rodola, janssen, martin.panter, pitrou, python-dev
Priority:	normal	Keywords:	patch

Created on 2016年08月26日 11:29 by christian.heimes, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
Add-SSLContext.get_ciphers.patch	christian.heimes, 2016年08月31日 20:10

Messages (9)
msg273703 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2016年08月26日 11:29
SSLContext has a set_ciphers() method but no method to get the actual list of enabled ciphers. https://github.com/tiran/cpython/tree/feature/openssl_ciphers implements get_ciphers() >>> import ssl, pprint >>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) >>> ctx.set_ciphers('ECDHE+AESGCM:!ECDSA') >>> pprint.pprint(ctx.get_ciphers()) [{'alg_bits': 256, 'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA ' 'Enc=AESGCM(256) Mac=AEAD', 'id': 50380848, 'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1/SSLv3', 'strength_bits': 256}, {'alg_bits': 128, 'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA ' 'Enc=AESGCM(128) Mac=AEAD', 'id': 50380847, 'name': 'ECDHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1/SSLv3', 'strength_bits': 128}] With OpenSSL 1.1 the dict will have more fields. Both the return value and functionality is different to https://docs.python.org/3/library/ssl.html#ssl.SSLSocket.shared_ciphers .
msg274113 - (view)	Author: Antoine Pitrou (pitrou) * (Python committer)	Date: 2016年09月01日 09:33
What does "kea" mean? Key exchange?
msg274115 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2016年09月01日 10:21
KEA stands for key exchange algorithm.
msg274443 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2016年09月05日 22:05
New changeset ca8d7cb55a8e by Christian Heimes in branch 'default': Issue #27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers. https://hg.python.org/cpython/rev/ca8d7cb55a8e
msg274515 - (view)	Author: Martin Panter (martin.panter) * (Python committer)	Date: 2016年09月06日 04:32
Fails on the Gentoo buildbots: http://buildbot.python.org/all/builders/x86%20Gentoo%20Non-Debug%20with%20X%203.x/builds/1368/steps/test/logs/stdio ====================================================================== ERROR: test_get_ciphers (test.test_ssl.ContextTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/test_ssl.py", line 840, in test_get_ciphers ctx.set_ciphers('ECDHE+AESGCM:!ECDSA') ssl.SSLError: ('No cipher can be selected.',)
msg274540 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2016年09月06日 08:46
New changeset 9377ed49746b by Christian Heimes in branch 'default': Issue 27866: relax test case for set_cipher() and allow more cipher suites https://hg.python.org/cpython/rev/9377ed49746b
msg274545 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2016年09月06日 09:27
New changeset dad4c42869f6 by Christian Heimes in branch 'default': Issue 27866: relax get_cipher() test even more. Gentoo buildbot has no ECDHE https://hg.python.org/cpython/rev/dad4c42869f6
msg274552 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2016年09月06日 11:16
I have relaxed the tests and stabilized the buildbots. Some Gentoo machines don't have ECDHE cipher suites enabled.
msg276011 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2016年09月12日 10:00
New changeset 2a1c7d0fdde6 by Victor Stinner in branch 'default': Issue #27866: Fix refleak in cipher_to_dict() https://hg.python.org/cpython/rev/2a1c7d0fdde6

History
Date	User	Action	Args
2022年04月11日 14:58:35	admin	set	github: 72053
2016年09月12日 10:00:39	python-dev	set	messages: + msg276011
2016年09月06日 12:27:20	berker.peksag	set	status: open -> closed
2016年09月06日 11:16:51	christian.heimes	set	resolution: fixed dependencies: - Make OpenSSL module compatible with OpenSSL 1.1.0 messages: + msg274552 stage: patch review -> resolved
2016年09月06日 09:27:35	python-dev	set	messages: + msg274545
2016年09月06日 08:46:00	python-dev	set	messages: + msg274540
2016年09月06日 04:32:51	martin.panter	set	nosy: + martin.panter messages: + msg274515
2016年09月05日 22:05:06	python-dev	set	nosy: + python-dev messages: + msg274443
2016年09月01日 10:21:35	christian.heimes	set	messages: + msg274115
2016年09月01日 09:33:46	pitrou	set	nosy: + pitrou messages: + msg274113
2016年08月31日 20:11:08	christian.heimes	set	stage: patch review
2016年08月31日 20:10:58	christian.heimes	set	files: + Add-SSLContext.get_ciphers.patch keywords: + patch dependencies: + Make OpenSSL module compatible with OpenSSL 1.1.0
2016年08月26日 11:29:14	christian.heimes	create

homepage