Christian Heimes <li...@cheimes.de> added the comment:

Thanks for your PR. Before we move forward, let's discuss reasoning and API 
design first.

Why should a Python application be able to modify the signature algorithms? The 
default settings are safe and sane. Security properties should rather be set 
system-wide with a crypto policy in OpenSSL's global config file. 
Application-specific settings can cause security or compatibility issues.

**If** there is a solid reason to expose the feature, then

- the API should be modeled after SSLContext.set_alpn_protocols() and accept a 
sequence of strings.
- the API should also be able to return currently enabled and perhaps currently 
available algorithms.
- the ssl module should get an enum of common algorithms with names based on 
IANA's TLS parameter list.
- the PR needs tests and documentation

----------
type:  -> enhancement

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue44811>
_______________________________________
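
The system-wide approach mentioned in the comment above, shown as an added example that is not part of the original message or of CPython: an OpenSSL configuration fragment that sets the signature algorithms for applications relying on the library's defaults. The section names and the algorithm list are illustrative assumptions, and the location of the global config file varies by distribution.

```ini
# Fragment of OpenSSL's global configuration file (openssl.cnf).
# Section names below are arbitrary labels chosen for this example.

# Must appear in the default (unnamed) section at the top of the file:
# it names the section OpenSSL reads at library initialisation.
openssl_conf = openssl_init

[openssl_init]
# Points at the section holding SSL/TLS configuration.
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" is applied to SSL contexts as they are created,
# before the application applies any settings of its own.
system_default = system_default_sect

[system_default_sect]
# Colon-separated, in preference order, in algorithm+hash form.
# Illustrative list (an assumption, not a recommendation from the
# tracker comment): ECDSA and RSA-PSS first, PKCS#1 v1.5 RSA kept
# last for compatibility, no SHA-1 entries.
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA+SHA256:RSA+SHA384
```

A peer that supports none of the listed algorithms will fail the handshake, which is the compatibility risk the comment refers to, so a change like this is best rolled out with handshake failures monitored.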