Skip to content

Add support for querying the negotiated TLS version. #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Add support for querying the negotiated TLS version. #184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions OpenSSL/SSL.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1551,6 +1551,16 @@ def get_cipher_version(self):
return version.decode("utf-8")


def get_protocol_version(self):
"""
Obtain the protocol version of the current connection.

:returns: The TLS version of the current connection, for example
the value for TLS 1.2 would be 0x303.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be hard for most people to generalize from "0x303 means TLS 1.2" to an understanding of other values. Or maybe that's just mean. Anyway, can you expand this documentation or make it easier to understand these values some other way? An example of a non-documentation solution might be to make the result self-documenting by defining a collection of symbolic constants and referring to that collection here. Or another solution might be to refer to some existing OpenSSL documentation about this value.

Which brings me to another point, where is the documentation for SSL_version? I can't find any. I did find SSL_get_version which apparently returns a string instead. Exposing that instead might be another way to solve the documentation issue - since "TLS1.2" doesn't need as much explanation as 0x303 (though just going by the OpenSSL documentation, I don't know if "TLSv1.2" is a value that will ever be returned by SSL_get_version! It only documents "SSLv2", "SSLv3", and "TLSv1" - oh, and, awesomely, "unknown").

:rtype: :py:class:`int`
"""
version = _lib.SSL_version(self._ssl)
return version

ConnectionType = Connection

Expand Down
14 changes: 14 additions & 0 deletions OpenSSL/test/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2129,6 +2129,20 @@ def test_get_cipher_bits(self):
self.assertEqual(server_cipher_bits, client_cipher_bits)


def test_get_protocol_version(self):
"""
:py:obj:`Connection.get_protocol_version` returns a :py:class:`int`
giving the protocol version of the current connection.
"""
server, client = self._loopback()
server_protocol_version, client_protocol_version = \
server.get_protocol_version(), client.get_protocol_version()

self.assertIsInstance(server_protocol_version, int)
self.assertIsInstance(client_protocol_version, int)

self.assertEqual(server_protocol_version, client_protocol_version)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assertion would be satisfied if the implementation accidentally always returned a constant integer (0 for example).

Perhaps this test could make a stronger assertion about the value? It might even be worth having a couple tests for a couple different values.



class ConnectionGetCipherListTests(TestCase):
"""
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'https://github.com/pyca/pyopenssl',
license = 'APL2',
install_requires=["cryptography>=0.5.4", "six>=1.5.2"],
install_requires=["cryptography>=0.7.2", "six>=1.5.2"],
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable
Expand Down