-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for TLS 1.3 to all HTTPSConnection implementations #1496
Merged
Merged
Changes from 9 commits
Commits
Show all changes
37 commits
Select commit
Hold shift + click to select a range
f59e6b3
Add tests for specific TLS/SSL versions
sethmlarson 417c333
Add change and update bindings
sethmlarson eaa6f38
SSLSocket.version() not available sometimes
sethmlarson 20b5eb5
Add support for kTLSProtocolMaxSupported
sethmlarson ab1e014
Try setProtocolVersionMax again if error
sethmlarson fefc403
Get ctypes.c_uint.value for SSLSocket.version()
sethmlarson 32de3a5
Opt-in TLS 1.3 on macOS 10.13
sethmlarson 694b164
Update tornado to 5.1.1
sethmlarson 9939524
Add documentation updates for TLSv1.3
sethmlarson 493d78f
Add wbond/oscrypto license to contrib/securetransport
sethmlarson 9fe5269
Remove all TLS 1.3 ciphersuites from DEFAULT_CIPHERS
sethmlarson 522ed0c
Merge branch 'tls-1.3' of github.com:SethMichaelLarson/urllib3 into t…
sethmlarson b364e70
Experiment showing cipher list per protocol
sethmlarson 209873a
Update test_https.py
sethmlarson 490251b
Update test_https.py
sethmlarson 93f1d3a
Update test_https.py
sethmlarson 95e5935
Update changelog wording to exclude pyOpenSSL
sethmlarson 1ae8674
minor rewording
sethmlarson 4f6f74d
Add support for IPv6 in subjectAltName
sethmlarson a071345
Merge branch 'tls-1.3' of github.com:SethMichaelLarson/urllib3 into t…
sethmlarson a18f623
Don't use OP_ALL
sethmlarson a97cefe
Update CHANGES.rst
sethmlarson ca52ca5
No PROTOCOL_TLSv1_3
sethmlarson 7e4e485
Remove DSS, rearrange SecureTransport ciphers
sethmlarson 5745dfb
Use ECDSA before RSA with ECDHE
sethmlarson 2bc2742
ReviReorder ciphers
sethmlarson 6a4d3dc
ECDHE
sethmlarson 9fc3c5a
Update test_https.py
sethmlarson 423df77
Turns out we don't need version detection
sethmlarson 4244f75
Reorder per Hyneks post and favor ephemeral
sethmlarson 3817503
Merge branch 'master' into tls-1.3
sethmlarson 18001cd
Refactor HTTPS unit tests
sethmlarson eac9b3a
Merge branch 'tls-1.3' of ssh://github.com/sethmlarson/urllib3 into t…
sethmlarson 3b9c529
Fix up tests
sethmlarson ccb3737
Test locking pytest-httpbin
sethmlarson 9e78231
Update requests.sh
sethmlarson 15c3af7
remove whitespace
sethmlarson File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -626,7 +626,7 @@ def socket_handler(listener): | |
# First request should fail. | ||
response = pool.urlopen('GET', '/', retries=0, | ||
preload_content=False, | ||
timeout=Timeout(connect=1, read=0.001)) | ||
timeout=Timeout(connect=1, read=0.1)) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 😢 |
||
try: | ||
self.assertRaises(ReadTimeoutError, response.read) | ||
finally: | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Just for my own edification) what's the benefit of doing a classmethod wrapper here over a property?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could be mistaken because I've never tried it but properties aren't available to the class only the instance? We need it for
_start_server()
which is also aclassmethod
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just curious why the change was necessary, I assumed the old
certs
would be available to the class too.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used a function here because we're making a copy of
DEFAULT_CERTS
and changing thessl_version
key per-test for the TLS version tests. If there's an alternate way to achieve this I could change this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So you're saying before we'd have to do something like...
Instead of...
?
Not obvious to me what the advantage of the latter one is, but I don't have strong feelings here. :)