| msg209564 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2014-01-28 16:36 |
| SSL sockets should provide a way to query the current protocol version (e.g. "TLSv1.2"). OpenSSL makes it easy through SSL_get_version(). Open question is whether we return the string returned by SSL_get_version(), or we convert it to one of the constants ssl.PROTOCOL_XXX. |
|
|
| msg214621 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-03-23 17:35 |
| (slightly related: should ssl.PROTOCOL_xxx constants become enum members?) |
|
|
| msg214864 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-03-25 23:10 |
| We could actually use the undocumented "int SSL_version(const SSL *s)" and convert the return value to one of our favourite protocol constants. |
|
|
| msg216543 - (view) |
Author: Ethan Furman (ethan.furman) * |
Date: 2014-04-16 18:21 |
| Sounds good to me. |
|
|
| msg216792 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-04-18 18:41 |
| Ok, it came to me that converting to one of the PROTOCOL* constants can fail in the following case: Python is linked with an OpenSSL that supports a more recent protocol version than the ssl module is aware of. SSL_get_version() can then return a protocol (e.g. "TLSv1.3") that we don't know about, and have no way of converting to an existing constant. So perhaps we should really simply return the same string as OpenSSL? |
|
|
| msg216793 - (view) |
Author: Giampaolo Rodola' (giampaolo.rodola) * |
Date: 2014-04-18 18:51 |
| Debatable. Maybe I'm +0.1 for returning the plain string. IMO when it comes to stdlib modules, enums are only really useful for converting integer constants. |
|
|
| msg225726 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-08-23 04:06 |
| Here is a patch. Doc updates still missing. |
|
|
| msg226146 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-08-30 19:45 |
| Updated patch with doc. |
|
|
| msg226370 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2014-09-04 19:00 |
| New changeset 648685f8d5e9 by Antoine Pitrou in branch 'default': Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. http://hg.python.org/cpython/rev/648685f8d5e9 |
|
|
| msg226371 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-09-04 19:02 |
| Pushed to default. |
|
|
| msg226375 - (view) |
Author: Alex Gaynor (alex) * |
Date: 2014-09-04 19:47 |
| Should this be backported to 2.7.9? |
|
|
| msg226376 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2014-09-04 19:55 |
| It's as you want, now. I don't think this is really important, though. |
|
|
| msg226377 - (view) |
Author: Alex Gaynor (alex) * |
Date: 2014-09-04 20:16 |
| Attached patch backports it (only change is the use of `closing()` and resolving the conflict in Misc/NEWS). I'll leave it up to benjamin whether he wants to commit (input from others welcome). My view is to prefer backporting stuff since it helps keep the diff small. |
|
|
| msg226379 - (view) |
Author: Roundup Robot (python-dev) |
Date: 2014-09-04 20:33 |
| New changeset 16c86a6bdbe2 by Alex Gaynor in branch '2.7': Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. http://hg.python.org/cpython/rev/16c86a6bdbe2 |
|
|