Steffen Ullrich added the comment:
It looks like the function shared_ciphers actually returned the list of client
ciphers when initially implemented although I think that the name is misleading
and suggests that it would return the ciphers shared between client and server
(i.e. same meaning
Steffen Ullrich added the comment:
Actually, it looks like neither SSL_get_shared_ciphers nor
SSL_get_client_ciphers nor accessing ssl->session->ciphers nor SSL_get_ciphers
return the **shared** ciphers. The first three seem to return the ciphers
offered by the client and the la
New submission from Steffen Ullrich:
The current implementation of shared_ciphers uses the SSL_get_ciphers method.
This method returns the list of configured ciphers (i.e. from the context) and
not the list of ciphers shared between client and server.
To get this list one can use the
Steffen Ullrich added the comment:
On Sun, Dec 11, 2016 at 08:26:32PM +, Christian Heimes
wrote:
>
> Christian Heimes added the comment:
>
> Python's implementation of host name verification conforms to RFC 6125,
> section 6.4.4. The CN check is optional (MAY
New submission from Steffen Ullrich:
from Lib/ssl.py
    elif key == 'IP Address':
        if host_ip is not None and _ipaddress_match(value, host_ip):
            return
        dnsnames.append(value)
if not dnsnames:
    # The subject is on
Steffen Ullrich added the comment:
> What's the point of checking? Just call SSL_read() and catch the
> SSL_ERROR_WANT_{READ,WRITE} to determine that no data is available; as a
> bonus it also tells you whether you have to select() for read or for write.
A common scenario wit
Steffen Ullrich added the comment:
Data transport in SSL is not done with plain TCP, but with encoded frames
inside TCP. To get decoded data one has to first receive the full frame, even
if one is only interested in the first bytes. Example:
- server does an SSL_write with 200 bytes. This