Issue 32609: Add setter and getter for min/max protocol version

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/76790

classification

Title:	Add setter and getter for min/max protocol version
Type:	enhancement	Stage:	resolved
Components:	SSL	Versions:	Python 3.8, Python 3.7

process

Status:	closed	Resolution:	duplicate
Dependencies:	Superseder:	Debian Sid/Buster: Cannot enable TLS 1.0/1.1 with PROTOCOL_TLS View: 31453
Assigned To:	christian.heimes	Nosy List:	christian.heimes
Priority:	normal	Keywords:	patch

Created on 2018年01月21日 14:00 by christian.heimes, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 5259	open	christian.heimes, 2018年01月21日 14:02

Messages (2)
msg310374 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2018年01月21日 14:00
OpenSSL 1.1 has introduced a new API to set the minimum and maximum supported protocol version. The API is easier to use than the old OP_NO_TLSv1 option flags, too https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min_proto_version.html Debian used the new setters to disable TLS 1.0 and 1.1 in testing, #31453. The old TLS versions have been enabled again for now. Python must expose the new API in case Debian decides to disable them again. I also like to deprecate the old OP_NO_TLSv1 et al. flags in favor of the new API. The option flags are awkward to use and easy to get wrong. For example applications must not leave holes in the OP_NO range (e.g. allow TLS 1.0 and 1.2 but disable 1.1).
msg312919 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2018年02月26日 11:43
bpo-31453 is the Debian issue that made me start to implement the setter and getter for min/max protocol version.

History
Date	User	Action	Args
2022年04月11日 14:58:56	admin	set	github: 76790
2018年02月26日 11:43:04	christian.heimes	set	status: open -> closed superseder: Debian Sid/Buster: Cannot enable TLS 1.0/1.1 with PROTOCOL_TLS title: Add setter and getter for min/max protocol ersion -> Add setter and getter for min/max protocol version messages: + msg312919 versions: + Python 3.8 resolution: duplicate stage: patch review -> resolved
2018年02月25日 20:25:37	christian.heimes	link	issue27876 superseder
2018年01月21日 14:02:47	christian.heimes	set	keywords: + patch stage: needs patch -> patch review pull_requests: + pull_request5106
2018年01月21日 14:00:24	christian.heimes	create

homepage