Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
637d0fd
to
847ccd9
Compare
| ChaCha20 cipher suites are enabled by default. The method | ||
| :meth:`SSLContext.set_ciphers` cannot enable or disable any TLS 1.3 | ||
| ciphers yet, but :meth:`SSLContext.get_cipers` returns them. | ||
| - Session tickets are no longer send as part of the initial handshake and |
There was a problem hiding this comment.
The reason will be displayed to describe this comment to others. Learn more.
sent
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS client cert auth are now handled after the initialy handshake. Tests now either send/recv data to trigger session and client certs. Or tests ignore ConnectionResetError / BrokenPipeError on the server side to handle clients that force-close the socket fd. To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR openssl/openssl#6340) is required. Signed-off-by: Christian Heimes <christian@python.org>
|
Thanks Elvis, I fixed the typo. |
|
Thanks @tiran for the PR |
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS client cert auth are now handled after the initialy handshake. Tests now either send/recv data to trigger session and client certs. Or tests ignore ConnectionResetError / BrokenPipeError on the server side to handle clients that force-close the socket fd. To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR openssl/openssl#6340) is required. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 529525f) Co-authored-by: Christian Heimes <christian@python.org>
|
GH-7082 is a backport of this pull request to the 3.7 branch. |
|
Sorry, @tiran, I could not cleanly backport this to |
|
Sorry, @tiran, I could not cleanly backport this to |
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS client cert auth are now handled after the initialy handshake. Tests now either send/recv data to trigger session and client certs. Or tests ignore ConnectionResetError / BrokenPipeError on the server side to handle clients that force-close the socket fd. To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR openssl/openssl#6340) is required. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 529525f)
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS client cert auth are now handled after the initialy handshake. Tests now either send/recv data to trigger session and client certs. Or tests ignore ConnectionResetError / BrokenPipeError on the server side to handle clients that force-close the socket fd. To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR openssl/openssl#6340) is required. Signed-off-by: Christian Heimes <christian@python.org>
|
The relevant fixes seem to have been backported for the 3.6 branch at #8760 . Could it be verified and have the respective label removed? |
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.
To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue33618