changeset: 74075:c706f76c9ea8 user: Antoine Pitrou solipsis@pitrou.net date: Mon Dec 19 13:27:11 2011 +0100 files: Doc/library/ssl.rst Lib/ssl.py Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c description: Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers choose the cipher based on their own preferences, rather than on the client's. diff -r 020260ec44f2 -r c706f76c9ea8 Doc/library/ssl.rst --- a/Doc/library/ssl.rst Mon Dec 19 12:19:52 2011 +0100 +++ b/Doc/library/ssl.rst Mon Dec 19 13:27:11 2011 +0100 @@ -421,6 +421,13 @@ .. versionadded:: 3.2 +.. data:: OP_CIPHER_SERVER_PREFERENCE + + Use the server's cipher ordering preference, rather than the client's. + This option has no effect on client sockets and SSLv2 server sockets. + + .. versionadded:: 3.3 + .. data:: HAS_SNI Whether the OpenSSL library has built-in support for the *Server Name diff -r 020260ec44f2 -r c706f76c9ea8 Lib/ssl.py --- a/Lib/ssl.py Mon Dec 19 12:19:52 2011 +0100 +++ b/Lib/ssl.py Mon Dec 19 13:27:11 2011 +0100 @@ -66,7 +66,10 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED -from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +from _ssl import ( + OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1, + OP_CIPHER_SERVER_PREFERENCE, + ) from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes from _ssl import ( SSL_ERROR_ZERO_RETURN, diff -r 020260ec44f2 -r c706f76c9ea8 Lib/test/test_ssl.py --- a/Lib/test/test_ssl.py Mon Dec 19 12:19:52 2011 +0100 +++ b/Lib/test/test_ssl.py Mon Dec 19 13:27:11 2011 +0100 @@ -98,6 +98,7 @@ ssl.CERT_NONE ssl.CERT_OPTIONAL ssl.CERT_REQUIRED + ssl.OP_CIPHER_SERVER_PREFERENCE self.assertIn(ssl.HAS_SNI, {True, False}) def test_random(self): diff -r 020260ec44f2 -r c706f76c9ea8 Misc/NEWS --- a/Misc/NEWS Mon Dec 19 12:19:52 2011 +0100 +++ b/Misc/NEWS Mon Dec 19 13:27:11 2011 +0100 
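Review bot: The only test coverage for the new flag is the bare attribute access `ssl.OP_CIPHER_SERVER_PREFERENCE` added to the constants check in Lib/test/test_ssl.py, which passes as long as the name exists. Nothing verifies that the value can be applied to a context, so a wrong or zero value would go unnoticed. A round-trip on an `ssl.SSLContext`, `ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE` followed by `self.assertTrue(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)`, would pin that. No visible line in the changeset turns the flag on by default, so servers presumably keep following the client's cipher order until they opt in; a test comment could say so. The enclosing test method starts outside the hunk.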
@@ -419,6 +419,10 @@ Library ------- +- Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers + choose the cipher based on their own preferences, rather than on the + client's. + - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas Stührk. diff -r 020260ec44f2 -r c706f76c9ea8 Modules/_ssl.c --- a/Modules/_ssl.c Mon Dec 19 12:19:52 2011 +0100 +++ b/Modules/_ssl.c Mon Dec 19 13:27:11 2011 +0100 @@ -2450,6 +2450,8 @@ PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2); PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3); PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1); + PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE", + SSL_OP_CIPHER_SERVER_PREFERENCE); #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME r = Py_True; /solipsis@pitrou.net
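Review bot: The return value of the added `PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);` call in Modules/_ssl.c is discarded, as it is for the three `OP_NO_*` calls above it. Because Lib/ssl.py now imports the name unconditionally, a failure to add the constant would only surface later as an ImportError on `import ssl`, not at module initialisation. The macro is also used without a guard, whereas the next visible line is wrapped in `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME`; if any supported OpenSSL headers lack `SSL_OP_CIPHER_SERVER_PREFERENCE` the build would break, which is worth confirming. The enclosing init function starts and ends outside the hunk.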