[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7 (original) (raw)
Victor Stinner victor.stinner at gmail.com
Wed Jun 7 09:29:19 EDT 2017
- Previous message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
- Next message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2017-06-07 10:56 GMT+02:00 Nathaniel Smith <njs at pobox.com>:
Another testing challenge is that the stdlib ssl module has no way to trigger a renegotiation, and therefore there's no way to write tests to check that it properly handles a renegotiation, even though renegotiation is by far the trickiest part of the protocol to get right. (In particular, renegotiation is the only case where attempting to read can give WantWrite and vice-versa.)
Renegociation was the source of a vulnerability in SSL/TLS protocols, so maybe it's a good thing that it's not implemented :-) https://www.rapid7.com/db/vulnerabilities/tls-sess-renegotiation
Renegociation was removed from the new TLS 1.3 protocol: https://tlswg.github.io/tls13-spec/ "TLS 1.3 forbids renegotiation"
Victor
- Previous message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
- Next message (by thread): [Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]