[issue41195] Interface to OpenSSL's security level

2021-04-17 Thread Christian Heimes


Christian Heimes  added the comment:

The getter is available in 3.10. Thanks for your contribution!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41195] Interface to OpenSSL's security level

2020-07-17 Thread miss-islington


miss-islington  added the comment:


New changeset 8e836bb21ce73f0794fd769db5883c29680dfe47 by matthewhughes934 in 
branch 'master':
bpo-41195: Add getter for Openssl security level (GH-21282)
https://github.com/python/cpython/commit/8e836bb21ce73f0794fd769db5883c29680dfe47


--
nosy: +miss-islington




[issue41195] Interface to OpenSSL's security level

2020-07-05 Thread Christian Heimes


Christian Heimes  added the comment:

Users can set the current security level in either an OpenSSL config file or 
with ctx.set_ciphers("@SECLEVEL=i:...").

--
versions: +Python 3.10




[issue41195] Interface to OpenSSL's security level

2020-07-04 Thread Antoine Pitrou


Antoine Pitrou  added the comment:

No strong feelings on this, but the OpenSSL runtime is not always packaged by a 
Linux distribution.  (macOS, Windows and Anaconda come to mind)

If one wants to retain the setter facility, one could raise a RuntimeWarning if 
the user *lowers* the actual security level.

--
nosy: +pitrou




[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes


Change by Matthew Hughes :


--
pull_requests: +20431
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/21282




[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes


Matthew Hughes  added the comment:

> Applications should not change this setting
> A read-only getter for the policy sounds like a good idea, though.

Thanks for the feedback, sounds reasonable to me. I'll happily work on getting 
a PR up for the read-only setter.

--




[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Christian Heimes


Christian Heimes  added the comment:

I'm not sure it's a good idea to expose a setter for security level. In general 
the security level is a system-wide policy decision that should be controlled 
by administrators. Applications should not change this setting.

Python libraries tend to follow bad practices and cargo cult when it comes to 
TLS settings. Many years ago OpenSSL and Linux distributions had bad default 
settings. Nowadays OpenSSL has good defaults and distributions often set even 
stricter defaults.

A read-only getter for the policy sounds like a good idea, though.

--




[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes


New submission from Matthew Hughes :

While investigating Python's SSL I noticed there was no interface for 
interacting with OpenSSL's SSL_CTX_{get,set}_security_level 
(https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_security_level.html) 
so I thought I'd look into adding one (see attached patch). I'd be happy to put 
up a PR, but I have no idea if this feature would actually be desired.

--
assignee: christian.heimes
components: SSL
files: add_ssl_context_security_level.patch
keywords: patch
messages: 372839
nosy: christian.heimes, mhughes
priority: normal
severity: normal
status: open
title: Interface to OpenSSL's security level
type: enhancement
Added file: 
https://bugs.python.org/file49291/add_ssl_context_security_level.patch
