[issue27876] Add SSLContext.set_version_range(minver, maxver=None)

2018-02-25 Thread Christian Heimes

Christian Heimes  added the comment:

My issue #32609 provides a better implementation.

--
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed
superseder:  -> Add setter and getter for min/max protocol ersion

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue27876] Add SSLContext.set_version_range(minver, maxver=None)

2017-01-06 Thread Christian Heimes

Christian Heimes added the comment:

PoC implementation:

from enum import Enum
import ssl

# Fall back to 0 when the ssl module has no TLS 1.3 flag.
OP_NO_TLSv1_3 = getattr(ssl, 'OP_NO_TLSv1_3', 0)

# OP_NO_* flags in ascending protocol order; the index is the enum "offset".
OP_NO_FLAGS = [
    ssl.OP_NO_SSLv2,
    ssl.OP_NO_SSLv3,
    ssl.OP_NO_TLSv1,
    ssl.OP_NO_TLSv1_1,
    ssl.OP_NO_TLSv1_2,
    OP_NO_TLSv1_3
]

OP_NO_MASK = sum(OP_NO_FLAGS)


class TLSVersions(Enum):
    # value = (pretty name, wire protocol version, index into OP_NO_FLAGS)
    SSLv2 = 'SSL 2.0', 0x0200, 0
    SSLv3 = 'SSL 3.0', 0x0300, 1
    TLSv1 = 'TLS 1.0', 0x0301, 2
    TLSv1_1 = 'TLS 1.1', 0x0302, 3
    TLSv1_2 = 'TLS 1.2', 0x0303, 4

    if OP_NO_TLSv1_3:
        TLSv1_3 = 'TLS 1.3', 0x0304, 5
        MAX = TLSv1_3
    else:
        MAX = TLSv1_2

    MIN = TLSv1

    def __init__(self, prettyname, wireprotocol, offset):
        self.prettyname = prettyname
        self.wireprotocol = wireprotocol
        self.noflag = OP_NO_FLAGS[offset]
        # Flags that disable every version below this one.
        self.minflag = sum(OP_NO_FLAGS[:offset])
        # Flags that disable every version above this one.
        self.maxflag = sum(OP_NO_FLAGS[offset+1:])

    def __repr__(self):
        return ("<{0.__class__.__name__}.{0.name} "
                "({0.prettyname}, 0x{0.wireprotocol:x})>").format(self)

    __str__ = __repr__


class SSLContext(ssl.SSLContext):
    def set_version(self, minver=TLSVersions.MIN, maxver=TLSVersions.MAX):
        # Clear all OP_NO_* version flags, then disable everything
        # outside [minver, maxver].
        options = self.options & ~OP_NO_MASK
        self.options = options | minver.minflag | maxver.maxflag


if __name__ == '__main__':
    for name, member in TLSVersions.__members__.items():
        print(name, member)

    ctx = SSLContext(ssl.PROTOCOL_SSLv23)
    print(ctx.options)
    ctx.set_version(minver=TLSVersions.SSLv3, maxver=TLSVersions.TLSv1_1)
    print(ctx.options)

--
versions: +Python 3.7 -Python 3.6




[issue27876] Add SSLContext.set_version_range(minver, maxver=None)

2016-09-15 Thread Giampaolo Rodola'

Changes by Giampaolo Rodola' :


--
nosy:  -giampaolo.rodola




[issue27876] Add SSLContext.set_version_range(minver, maxver=None)

2016-09-15 Thread Christian Heimes

Changes by Christian Heimes :


--
assignee:  -> christian.heimes
components: +SSL




[issue27876] Add SSLContext.set_version_range(minver, maxver=None)

2016-08-27 Thread Christian Heimes

New submission from Christian Heimes:

OpenSSL 1.1 has deprecated all version-specific TLS/SSL methods in favor of
auto-negotiation (formerly known as SSLv23). It also introduced two macros to
set the minimal and maximum TLS version with SSL_CTX_set_min_proto_version()
and SSL_CTX_set_max_proto_version(). The macros can be emulated for OpenSSL <
1.1 with reasonable effort.

I suggest that ssl.SSLContext introduces a set_version_range(minver, maxver=None)
method. It's less awkward to use than fiddling with modes and OP_NO_SSLv3.

--
components: Extension Modules
messages: 273772
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen
priority: normal
severity: normal
status: open
title: Add SSLContext.set_version_range(minver, maxver=None)
type: enhancement
versions: Python 3.6
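
Added example, not part of the thread or of CPython: a sketch of why per-version OP_NO_* flags are awkward next to a min/max range. It translates an OP_NO_* bitmask into a (min, max) pair and rejects masks that leave a hole between enabled versions. The helper names are hypothetical; it assumes Python 3.7+, where ssl.TLSVersion and the SSLContext.minimum_version / maximum_version properties exist.

```python
import ssl

# Protocol versions in ascending order, each paired with the OP_NO_* flag
# that disables it. SSLv2 is left out: its flag is 0 on current OpenSSL.
VERSION_FLAGS = [
    (ssl.TLSVersion.SSLv3, ssl.OP_NO_SSLv3),
    (ssl.TLSVersion.TLSv1, ssl.OP_NO_TLSv1),
    (ssl.TLSVersion.TLSv1_1, ssl.OP_NO_TLSv1_1),
    (ssl.TLSVersion.TLSv1_2, ssl.OP_NO_TLSv1_2),
    (ssl.TLSVersion.TLSv1_3, ssl.OP_NO_TLSv1_3),
]


def enabled_versions(options):
    """Return the versions that an OP_NO_* bitmask leaves enabled."""
    return [ver for ver, flag in VERSION_FLAGS if not options & flag]


def options_to_range(options):
    """Translate an OP_NO_* bitmask to (minver, maxver).

    Raises ValueError when the mask disables everything or leaves a hole
    (e.g. TLS 1.0 and 1.2 on, TLS 1.1 off), which a range cannot express.
    """
    enabled = enabled_versions(options)
    if not enabled:
        raise ValueError("all protocol versions are disabled")
    order = [ver for ver, _ in VERSION_FLAGS]
    lo, hi = order.index(enabled[0]), order.index(enabled[-1])
    if order[lo:hi + 1] != enabled:
        missing = [v.name for v in order[lo:hi + 1] if v not in enabled]
        raise ValueError("non-contiguous versions, hole at: " + ", ".join(missing))
    return enabled[0], enabled[-1]


def apply_range(ctx, legacy_options):
    """Set ctx's version floor and ceiling from a legacy OP_NO_* bitmask."""
    minver, maxver = options_to_range(legacy_options)
    ctx.minimum_version = minver
    ctx.maximum_version = maxver
    return minver, maxver
```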