Allow CPython to build against cryptography libraries lacking post-handshake authentication #117784
Labels
extension-modules
C modules in the Modules dir
topic-SSL
type-feature
A feature request or enhancement
Comments
AlexWaygood
changed the title
encukou
pushed a commit
that referenced
this issue
Jul 1, 2024
…AKE (GH-117785) With this change, builds with OpenSSL forks that don't have this functionalty (like AWS-LC or BoringSSL) will require less patching.
|
Thanks! Do you want to send more PRs for this issue? |
|
No more PRs needed unless you'd like me to add an AWS-LC integration test to CPython's CI. Thank you for your reviews! |
Akasurde
pushed a commit
to Akasurde/cpython
that referenced
this issue
Jul 3, 2024
…HANDSHAKE (pythonGH-117785) With this change, builds with OpenSSL forks that don't have this functionalty (like AWS-LC or BoringSSL) will require less patching.
noahbkim
pushed a commit
to hudson-trading/cpython
that referenced
this issue
Jul 11, 2024
…HANDSHAKE (pythonGH-117785) With this change, builds with OpenSSL forks that don't have this functionalty (like AWS-LC or BoringSSL) will require less patching.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature or enhancement
Proposal:
As part of a series of changes discussed on the python Ideas board, this issue proposes placing guards around references to TLSv1.3 post-handshake authentication (PHA). This would CPython to build against cryptography libraries lacking full PHA support.
Has this already been discussed elsewhere?
I have already discussed this feature proposal on Discourse
Links to previous discussion of this feature:
https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/9
Linked PRs
The text was updated successfully, but these errors were encountered: