[Python-Dev] Let's make the SSL module sane

Christian Heimes christian at python.org
Sat Sep 10 15:20:17 EDT 2016


On 2016-09-10 17:24, Nick Coghlan wrote:

> On 11 September 2016 at 00:22, Christian Heimes <christian at python.org> wrote:
>
>> First I'd like to deprecate some old APIs in favor of SSLContext. We have multiple ways to create an SSL socket or to configure libraries like urllib. The general idea is to make SSLContext the central object for TLS/SSL configuration. My patch deprecates ssl.wrap_socket()
>
> I'll bring over my question from the tracker issue to here: there's a subset of ssl.wrap_socket() arguments which actually make sense as arguments to ssl.get_default_context().wrap_socket(). Accordingly, we can pick a subset of code (e.g. SSL/TLS clients) that we bless with not needing to change, leaving only code using deprecated parameters or creating server sockets that needs to be updated.

Do you consider ssl.wrap_socket() relevant for so many projects? The function hurts performance and is no longer best practice. The deprecation of ssl.wrap_socket() is a friendly nudge. I don't mind keeping it around for another four or six years.

There is one other use case not covered by SSLContext.wrap_socket() but by SSLSocket.__init__(). The SSLSocket constructor takes a fileno argument. But it's an undocumented feature and it has been broken since at least 3.3. https://bugs.python.org/issue27629

> As with past network security changes, a major factor we need to account for is that no matter how valuable a particular goal is from a broader industry perspective, people don't tend to react to API breaks by fixing their code - they react by not upgrading at all.

I totally agree and have been very careful to keep backwards compatibility. My third patch breaks just one scenario: ssl.create_default_context(purpose=Purpose.SERVER_AUTH) no longer supports server-side connections and CLIENT_AUTH no longer client-side connections. It's the good kind of incompatibility because it reveals API misuse. Applications should never have used a SERVER_AUTH context to create server sockets.

Christian
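
The purpose mismatch described in the message above, shown as an added example that is not part of the original post or of the patches under discussion. The helper names `role_problems` and `legacy_like_context` are hypothetical, and the legacy context is constructed here to mirror the `cert_reqs=CERT_NONE` default of `ssl.wrap_socket()`.

```python
import ssl


def default_contexts():
    """Return (client_ctx, server_ctx) built the SSLContext-centric way."""
    # Purpose names what the context will authenticate, not which side it is:
    # SERVER_AUTH = "verify a server" (client side),
    # CLIENT_AUTH = "verify a client" (server side).
    client_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    server_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    return client_ctx, server_ctx


def legacy_like_context():
    """Constructed context with the old ssl.wrap_socket() verification defaults."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def role_problems(ctx, server_side):
    """List reasons a context is unsuitable for the requested side."""
    problems = []
    if server_side:
        # Hostname checking only makes sense when connecting to a named peer,
        # so a context with it enabled was configured for client use.
        if ctx.check_hostname:
            problems.append("client (SERVER_AUTH) context used for a server socket")
    else:
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            problems.append("server certificate is not required")
        if not ctx.check_hostname:
            problems.append("server hostname is not checked")
    return problems


if __name__ == "__main__":
    client_ctx, server_ctx = default_contexts()
    cases = [
        ("client ctx as client", client_ctx, False),
        ("server ctx as server", server_ctx, True),
        ("client ctx as server", client_ctx, True),
        ("server ctx as client", server_ctx, False),
        ("legacy defaults as client", legacy_like_context(), False),
    ]
    for label, ctx, server_side in cases:
        print(label, "->", role_problems(ctx, server_side) or "ok")
```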


