msg273703 - (view) |
Author: Christian Heimes (christian.heimes) *  |
Date: 2016-08-26 11:29 |
SSLContext has a set_ciphers() method but no method to get the actual list of enabled ciphers. https://github.com/tiran/cpython/tree/feature/openssl_ciphers implements get_ciphers()

>>> import ssl, pprint
>>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')
>>> pprint.pprint(ctx.get_ciphers())
[{'alg_bits': 256,
  'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA '
                 'Enc=AESGCM(256) Mac=AEAD',
  'id': 50380848,
  'name': 'ECDHE-RSA-AES256-GCM-SHA384',
  'protocol': 'TLSv1/SSLv3',
  'strength_bits': 256},
 {'alg_bits': 128,
  'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA '
                 'Enc=AESGCM(128) Mac=AEAD',
  'id': 50380847,
  'name': 'ECDHE-RSA-AES128-GCM-SHA256',
  'protocol': 'TLSv1/SSLv3',
  'strength_bits': 128}]

With OpenSSL 1.1 the dict will have more fields. Both the return value and functionality are different from https://docs.python.org/3/library/ssl.html#ssl.SSLSocket.shared_ciphers . |
|
|
msg274113 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2016-09-01 09:33 |
What does "kea" mean? Key exchange? |
|
|
msg274115 - (view) |
Author: Christian Heimes (christian.heimes) *  |
Date: 2016-09-01 10:21 |
KEA stands for key exchange algorithm. |
|
|
msg274443 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2016-09-05 22:05 |
New changeset ca8d7cb55a8e by Christian Heimes in branch 'default': Issue #27866: Add SSLContext.get_ciphers() method to get a list of all enabled ciphers. https://hg.python.org/cpython/rev/ca8d7cb55a8e |
|
|
msg274515 - (view) |
Author: Martin Panter (martin.panter) *  |
Date: 2016-09-06 04:32 |
Fails on the Gentoo buildbots: http://buildbot.python.org/all/builders/x86%20Gentoo%20Non-Debug%20with%20X%203.x/builds/1368/steps/test/logs/stdio

======================================================================
ERROR: test_get_ciphers (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/test_ssl.py", line 840, in test_get_ciphers
    ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')
ssl.SSLError: ('No cipher can be selected.',) |
|
|
msg274540 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2016-09-06 08:46 |
New changeset 9377ed49746b by Christian Heimes in branch 'default': Issue 27866: relax test case for set_cipher() and allow more cipher suites https://hg.python.org/cpython/rev/9377ed49746b |
|
|
msg274545 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2016-09-06 09:27 |
New changeset dad4c42869f6 by Christian Heimes in branch 'default': Issue 27866: relax get_cipher() test even more. Gentoo buildbot has no ECDHE https://hg.python.org/cpython/rev/dad4c42869f6 |
|
|
msg274552 - (view) |
Author: Christian Heimes (christian.heimes) *  |
Date: 2016-09-06 11:16 |
I have relaxed the tests and stabilized the buildbots. Some Gentoo machines don't have ECDHE cipher suites enabled. |
|
|
msg276011 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2016-09-12 10:00 |
New changeset 2a1c7d0fdde6 by Victor Stinner in branch 'default': Issue #27866: Fix refleak in cipher_to_dict() https://hg.python.org/cpython/rev/2a1c7d0fdde6 |
|
|
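Added example, not part of the thread or of CPython: one way to use get_ciphers() to audit what a context actually enables, while tolerating builds where a cipher string raises "No cipher can be selected" as on the Gentoo buildbots. The policy values, candidate cipher strings, function names and sample dicts are assumptions made for illustration.

```python
import ssl

# Assumed policy for this example, not taken from the thread.
MIN_STRENGTH_BITS = 128
BANNED_TOKENS = ("RC4", "DES", "NULL", "EXP", "MD5")
CANDIDATES = ("ECDHE+AESGCM:!ECDSA", "AESGCM", "HIGH:!aNULL")

def select_ciphers(ctx, candidates=CANDIDATES):
    """Apply the first cipher string this OpenSSL build accepts; return it."""
    for spec in candidates:
        try:
            ctx.set_ciphers(spec)
            return spec
        except ssl.SSLError:  # e.g. 'No cipher can be selected.' without ECDHE
            continue
    raise ssl.SSLError("no candidate cipher string is supported by this build")

def audit_ciphers(ciphers):
    """Return {name: [reasons]} for dicts shaped like get_ciphers() output."""
    findings = {}
    for c in ciphers:
        reasons = []
        bits = c.get("strength_bits", 0)
        if bits < MIN_STRENGTH_BITS:
            reasons.append("strength_bits=%d" % bits)
        reasons += ["name contains " + t for t in BANNED_TOKENS if t in c["name"]]
        # 'kea' is one of the extra fields reported with OpenSSL 1.1+;
        # dicts from older builds (like the one in msg273703) lack it.
        if c.get("kea") == "kx-rsa":
            reasons.append("static RSA key exchange (no forward secrecy)")
        if reasons:
            findings[c["name"]] = reasons
    return findings

# Constructed sample entries (only the keys the audit reads).
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    {"name": "AES128-SHA", "strength_bits": 128, "kea": "kx-rsa"},
    {"name": "RC4-MD5", "strength_bits": 128},
    {"name": "NULL-SHA256", "strength_bits": 0},
]

if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("cipher string applied:", select_ciphers(ctx))
    for name, why in audit_ciphers(ctx.get_ciphers()).items():
        print(name, "->", "; ".join(why))
```

On OpenSSL 1.1.1 and later, get_ciphers() also lists the TLS 1.3 suites, which set_ciphers() does not control, so the audit should run on the returned list rather than on the cipher string.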