[Python-checkins] cpython: Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers

antoine.pitrou python-checkins at python.org
Mon Dec 19 13:27:49 CET 2011

• Previous message: [Python-checkins] cpython (merge 3.2 -> default): Issue #11867: Make test_mailbox.test_lock_conflict deterministic (and fix a
• Next message: [Python-checkins] cpython (3.2): Issue #13628: python-gdb.py is now able to retrieve more frames in the Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

http://hg.python.org/cpython/rev/c706f76c9ea8
changeset: 74075:c706f76c9ea8
user: Antoine Pitrou <solipsis at pitrou.net>
date: Mon Dec 19 13:27:11 2011 +0100
summary:
 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
files:
 Doc/library/ssl.rst | 7 +++++++
 Lib/ssl.py | 5 ++++-
 Lib/test/test_ssl.py | 1 +
 Misc/NEWS | 4 ++++
 Modules/_ssl.c | 2 ++
 5 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -421,6 +421,13 @@
 
 .. versionadded:: 3.2
 
+.. data:: OP_CIPHER_SERVER_PREFERENCE
+
+ Use the server's cipher ordering preference, rather than the client's.
+ This option has no effect on client sockets and SSLv2 server sockets.
+
+ .. versionadded:: 3.3
+
 .. data:: HAS_SNI
 
 Whether the OpenSSL library has built-in support for the *Server Name
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -66,7 +66,10 @@
 SSLSyscallError, SSLEOFError,
 )
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
+from _ssl import (
+ OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+ OP_CIPHER_SERVER_PREFERENCE,
+ )
 from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
 from _ssl import (
 SSL_ERROR_ZERO_RETURN,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -98,6 +98,7 @@
 ssl.CERT_NONE
 ssl.CERT_OPTIONAL
 ssl.CERT_REQUIRED
+ ssl.OP_CIPHER_SERVER_PREFERENCE
 self.assertIn(ssl.HAS_SNI, {True, False})
 
 def test_random(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -419,6 +419,10 @@
 Library
 -------
 
+- Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
+ choose the cipher based on their own preferences, rather than on the
+ client's.
+
 - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas 
 Stührk.
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2450,6 +2450,8 @@
 PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
 PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
 PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
+ PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE",
+ SSL_OP_CIPHER_SERVER_PREFERENCE);
 
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 r = Py_True;
-- 
Repository URL: http://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (merge 3.2 -> default): Issue #11867: Make test_mailbox.test_lock_conflict deterministic (and fix a
• Next message: [Python-checkins] cpython (3.2): Issue #13628: python-gdb.py is now able to retrieve more frames in the Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list