Support SSLContext.options in _create_ssl_context, --ssl-options #1680
Comments
+1 from me.

Looking for thoughts on how this option might be presented.
If a config-file only option were permitted (or at least initially), and since that can be any Python, that seems to offer a pretty straightforward approach for the options-parsing part of this at least. Thoughts please.

Some info on typical Python 3.6 constants and defaults:

@javabrett I appreciate the thinking about configuration sanity and would like to not add a lot of parsing code. Whatever you're willing and able to do is great. I would also be happy to start with limiting it to the configuration file and if someone wants to propose and implement a good way to express it on the CLI in the future, that can be an improvement later.

Reading https://docs.python.org/3/library/ssl.html , use of `PROTOCOL_*` to specify the exact protocol and version is becoming increasingly deprecated, e.g. for `TLSv1_2`: ... suggesting that this is replaced by `PROTOCOL_TLS` and a suite of or-ed `OP_*` options passed to `SSLContext.options` (if you want to override or amend `ssl.OP_ALL`, which seems to be currently `SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`). Some care should be taken not to unintentionally mask-out the base `ssl.OP_ALL`.

This SSL/TLS option might be exposed by a new config `ssl_options`/`ssl_options`.
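
The masking concern raised in the issue, as an added example that is not part of the thread or the project's code: a configured mask is OR-ed into `SSLContext.options`, and a verbatim assignment is refused when it would drop `ssl.OP_ALL` bits. The names `apply_ssl_options`, `dropped_baseline` and `make_context` are hypothetical, and `ssl.PROTOCOL_TLS_SERVER` is used here as the version-flexible protocol constant.

```python
import ssl


def dropped_baseline(mask):
    """Return the ssl.OP_ALL bits that would be switched off if `mask`
    were assigned to SSLContext.options verbatim (0 = nothing lost)."""
    return int(ssl.OP_ALL) & ~int(mask)


def apply_ssl_options(ctx, ssl_options, replace=False):
    """Apply an OP_* mask from a hypothetical `ssl_options` config value.

    By default the mask is OR-ed in, so ssl.OP_ALL and the other context
    defaults survive. replace=True assigns the mask as-is, but refuses a
    mask that no longer carries every ssl.OP_ALL bit.
    """
    if isinstance(ssl_options, bool) or not isinstance(ssl_options, int):
        raise TypeError("ssl_options must be an int mask of ssl.OP_* flags")
    if ssl_options < 0:
        raise ValueError("ssl_options must not be negative")
    if not replace:
        ctx.options |= ssl_options
        return ctx
    lost = dropped_baseline(ssl_options)
    if lost:
        raise ValueError("ssl_options would clear OP_ALL bits: %#x" % lost)
    ctx.options = ssl_options
    return ctx


def make_context(ssl_options=0, replace=False):
    # Version-flexible server context, then the configured options on top.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    return apply_ssl_options(ctx, ssl_options, replace)


if __name__ == "__main__":
    ctx = make_context(ssl.OP_NO_TICKET)  # constructed sample value
    print(hex(ctx.options), hex(dropped_baseline(ssl.OP_NO_TICKET)))
```
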