Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add setter and getter for min/max protocol version #76790

Closed
tiran opened this issue Jan 21, 2018 · 2 comments
Closed

Add setter and getter for min/max protocol version #76790

tiran opened this issue Jan 21, 2018 · 2 comments
Assignees
Labels
3.7 3.8 expert-SSL type-feature

Comments

@tiran
Copy link
Member

@tiran tiran commented Jan 21, 2018

BPO 32609
Nosy @tiran
PRs
  • #5259
  • Superseder
  • bpo-31453: Debian Sid/Buster: Cannot enable TLS 1.0/1.1 with PROTOCOL_TLS
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2018-02-26.11:43:04.779>
    created_at = <Date 2018-01-21.14:00:24.080>
    labels = ['expert-SSL', '3.8', 'type-feature', '3.7']
    title = 'Add setter and getter for min/max protocol version'
    updated_at = <Date 2018-02-26.11:43:04.778>
    user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2018-02-26.11:43:04.778>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2018-02-26.11:43:04.779>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2018-01-21.14:00:24.080>
    creator = 'christian.heimes'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 32609
    keywords = ['patch']
    message_count = 2.0
    messages = ['310374', '312919']
    nosy_count = 1.0
    nosy_names = ['christian.heimes']
    pr_nums = ['5259']
    priority = 'normal'
    resolution = 'duplicate'
    stage = 'resolved'
    status = 'closed'
    superseder = '31453'
    type = 'enhancement'
    url = 'https://bugs.python.org/issue32609'
    versions = ['Python 3.7', 'Python 3.8']

    @tiran
    Copy link
    Member Author

    @tiran tiran commented Jan 21, 2018

    OpenSSL 1.1 has introduced a new API to set the minimum and maximum supported protocol version. The API is easier to use than the old OP_NO_TLSv1 option flags, too

    https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min_proto_version.html

    Debian used the new setters to disable TLS 1.0 and 1.1 in testing, bpo-31453. The old TLS versions have been enabled again for now. Python must expose the new API in case Debian decides to disable them again.

    I also like to deprecate the old OP_NO_TLSv1 et al. flags in favor of the new API. The option flags are awkward to use and easy to get wrong. For example applications must not leave holes in the OP_NO range (e.g. allow TLS 1.0 and 1.2 but disable 1.1).

    @tiran tiran added the 3.7 label Jan 21, 2018
    @tiran tiran self-assigned this Jan 21, 2018
    @tiran tiran added expert-SSL type-feature labels Jan 21, 2018
    @tiran
    Copy link
    Member Author

    @tiran tiran commented Feb 26, 2018

    bpo-31453 is the Debian issue that made me start to implement the setter and getter for min/max protocol version.

    @tiran tiran added the 3.8 label Feb 26, 2018
    @tiran tiran closed this as completed Feb 26, 2018
    @tiran tiran changed the title Add setter and getter for min/max protocol ersion Add setter and getter for min/max protocol version Feb 26, 2018
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 3.8 expert-SSL type-feature
    Projects
    None yet
    Development

    No branches or pull requests

    1 participant