Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ALPN support for TLS #64387

Closed
mnot mannequin opened this issue Jan 8, 2014 · 15 comments
Closed

ALPN support for TLS #64387

mnot mannequin opened this issue Jan 8, 2014 · 15 comments
Assignees
Labels
extension-modules C modules in the Modules dir type-feature A feature request or enhancement

Comments

@mnot
Copy link
Mannequin

mnot mannequin commented Jan 8, 2014

BPO 20188
Nosy @jcea, @pitrou, @vstinner, @giampaolo, @tiran, @benjaminp, @ned-deily, @alex, @dimaqq, @Lukasa
Files
  • alpn.patch
  • alpn.patch
  • alpn.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/benjaminp'
    closed_at = <Date 2015-01-23.21:43:03.737>
    created_at = <Date 2014-01-08.03:52:59.838>
    labels = ['extension-modules', 'type-feature']
    title = 'ALPN support for TLS'
    updated_at = <Date 2015-01-28.04:22:36.672>
    user = 'https://bugs.python.org/mnot'

    bugs.python.org fields:

    activity = <Date 2015-01-28.04:22:36.672>
    actor = 'ned.deily'
    assignee = 'benjamin.peterson'
    closed = True
    closed_date = <Date 2015-01-23.21:43:03.737>
    closer = 'python-dev'
    components = ['Extension Modules']
    creation = <Date 2014-01-08.03:52:59.838>
    creator = 'mnot'
    dependencies = []
    files = ['37829', '37830', '37831']
    hgrepos = []
    issue_num = 20188
    keywords = ['patch']
    message_count = 15.0
    messages = ['207660', '223998', '226479', '234503', '234523', '234577', '234578', '234579', '234580', '234582', '234583', '234584', '234586', '234816', '234872']
    nosy_count = 14.0
    nosy_names = ['jcea', 'janssen', 'pitrou', 'mnot', 'vstinner', 'giampaolo.rodola', 'christian.heimes', 'benjamin.peterson', 'ned.deily', 'Arfrever', 'alex', 'python-dev', 'Dima.Tisnek', 'Lukasa']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue20188'
    versions = ['Python 2.7', 'Python 3.5']

    @mnot
    Copy link
    Mannequin Author

    mnot mannequin commented Jan 8, 2014

    In bpo-14204, support for NPN was added. Subsequently, NPN has been superseded by ALPN in the IETF, and support for it is coming in OpenSSL 1.0.2.

    http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg
    http://rt.openssl.org/Ticket/Display.html?id=3073
    http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=NEWS

    @mnot mnot mannequin added extension-modules C modules in the Modules dir type-feature A feature request or enhancement labels Jan 8, 2014
    @mnot
    Copy link
    Mannequin Author

    mnot mannequin commented Jul 25, 2014

    HTTP/2 requires ALPN, BTW.

    @Lukasa
    Copy link
    Mannequin

    Lukasa mannequin commented Sep 6, 2014

    Updating to mention a concern with ALPN implementation. HTTP/2 requires that a cipher with AEAD be negotiated. However, it also allows for offering a wider range of cipher suites: if an AEAD cipher is not present, this will allow fallback to HTTP/1.1.

    There's some interplay between ALPN and cipher selection here. We'll want to ensure that either ALPN negotiation can inform cipher selection or vice-versa, or writing a Python HTTP/2 server will get tricky fast.

    @Lukasa
    Copy link
    Mannequin

    Lukasa mannequin commented Jan 22, 2015

    Updating to note that OpenSSL 1.0.2 has been released0, which makes this feature supportable.

    @pitrou
    Copy link
    Member

    pitrou commented Jan 22, 2015

    Thanks. Now it needs someone to submit a patch.

    @benjaminp
    Copy link
    Contributor

    benjaminp commented Jan 23, 2015

    Here you are.

    @pitrou
    Copy link
    Member

    pitrou commented Jan 23, 2015

    Why is that "3.4.3"?

    @benjaminp
    Copy link
    Contributor

    benjaminp commented Jan 23, 2015

    On Fri, Jan 23, 2015, at 15:33, Antoine Pitrou wrote:

    Antoine Pitrou added the comment:

    Why is that "3.4.3"?

    I wrote the patch on the 3.4 branch.

    @pitrou
    Copy link
    Member

    pitrou commented Jan 23, 2015

    Well, sure, but that means you plan to make it available in 3.4.3? Why is that?

    @benjaminp
    Copy link
    Contributor

    benjaminp commented Jan 23, 2015

    On Fri, Jan 23, 2015, at 15:36, Antoine Pitrou wrote:

    Antoine Pitrou added the comment:

    Well, sure, but that means you plan to make it available in 3.4.3? Why is
    that?

    No, I'll apply it to 3.5.

    @benjaminp
    Copy link
    Contributor

    benjaminp commented Jan 23, 2015

    Here's the fixed 3.5 patch.

    @benjaminp
    Copy link
    Contributor

    benjaminp commented Jan 23, 2015

    update after review comments

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Jan 23, 2015

    New changeset be9fe0c66075 by Benjamin Peterson in branch 'default':
    add support for ALPN (closes bpo-20188)
    https://hg.python.org/cpython/rev/be9fe0c66075

    New changeset 7ce67d3f0908 by Benjamin Peterson in branch '2.7':
    PEP-466 backport of alpn (bpo-20188)
    https://hg.python.org/cpython/rev/7ce67d3f0908

    @python-dev python-dev mannequin closed this as completed Jan 23, 2015
    @vstinner
    Copy link
    Member

    vstinner commented Jan 27, 2015

    _ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue bpo-23329.

    @ned-deily
    Copy link
    Member

    ned-deily commented Jan 28, 2015

    _ssl.c cannot be compiled with pre-NPN versions of OpenSSL: see bpo-23335.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    extension-modules C modules in the Modules dir type-feature A feature request or enhancement
    Projects
    None yet
    Development

    No branches or pull requests

    4 participants