[Python-Dev] PEP 543-conform TLS library

Mathias Laurin mathias.laurin at gmail.com
Fri Oct 26 15:34:38 EDT 2018


Hello Python Dev,

I posted the following to python-ideas but here may be a more suitable place. I apologize if cross-posting bothers anyone.

I have implemented an (I believe) PEP 543-conform TLS library and released TLS support in the latest version yesterday:

https://github.com/Synss/python-mbedtls/tree/0.13.0
https://pypi.org/project/python-mbedtls/0.13.0/

As far as I know, I am the first one to follow PEP 543. So one point is that the API works. However, I have a couple of questions regarding the PEP:

For now, I am doing the handshake in TLSWrappedSocket.do_handshake(): I set the BIO to use the socket directly, then perform the handshake on the socket, thus entirely bypassing the TLSWrappedBuffer. Once this is done, I swap the BIO to use the buffer and go on encrypting and decrypting from the buffer. That is, the encrypted communication is buffered.

I have implemented it with a single circular buffer (that is a stream after all). What the PEP is expecting is nonetheless not clear to me.

So, can anybody clarify these two points from the PEP?

Or should I just address Cory Benfield (who does not seem very active anymore lately) and Christian Heimes directly?

Cheers, Mathias
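For comparison with the socket-then-buffer sequence described in the message above, here is an added example that is not part of the original post and does not use python-mbedtls: it uses the standard library `ssl` module's memory BIOs to start a client handshake entirely through buffers, with no socket involved. The function names and the host name `example.test` are assumptions made for illustration.

```python
import ssl


def start_buffered_handshake(server_hostname="example.test"):
    """Run the first client handshake step against memory buffers only.

    Returns the ciphertext bytes the TLS engine wants sent to the peer.
    The host name is a constructed placeholder; nothing is sent anywhere.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming = ssl.MemoryBIO()  # bytes received from the peer go in here
    outgoing = ssl.MemoryBIO()  # bytes destined for the peer come out here
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # Expected: the engine has written its ClientHello to `outgoing`
        # and now needs the server's reply fed into `incoming`.
        pass
    return outgoing.read()


def parse_record_header(data):
    """Split the 5-byte TLS record header: (content type, version, length)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type = data[0]
    version = (data[1], data[2])
    length = int.from_bytes(data[3:5], "big")
    return content_type, version, length


if __name__ == "__main__":
    record = start_buffered_handshake()
    ctype, version, length = parse_record_header(record)
    # Content type 22 is "handshake": the handshake itself is being
    # carried by the buffer, so a caller would forward these bytes over
    # whatever transport it owns and feed the reply to incoming.write().
    print("content type:", ctype)
    print("record version:", version)
    print("payload length:", length, "of", len(record) - 5, "bytes buffered")
```
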


