[issue34670] Add set_post_handshake_auth for TLS 1.3

Christian Heimes added the comment: I don't think is anything left to do here. PHA has been supported for a while and I haven't seen any problems. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue34670] Add set_post_handshake_auth for TLS 1.3

Nathaniel Smith added the comment: FYI Christian, your "typical scenario for HTTP" doesn't make sense to me... you can't send HTTP Connection Upgrade in the middle of a regular request/response cycle. I feel like the typical scenario ought to be more like: * client * send ``HTTP GET

[issue34670] Add set_post_handshake_auth for TLS 1.3

Dimitri John Ledkov added the comment: Will this be backported to the 2.7 branch as well? Pretty please =) -- nosy: +xnox ___ Python tracker ___

[issue34670] Add set_post_handshake_auth for TLS 1.3

miss-islington added the comment: New changeset 94812f717dde8b11a9ad9c0fd5be66ff9bd53f58 by Miss Islington (bot) (Christian Heimes) in branch '3.6': [3.6] bpo-34670: Add TLS 1.3 post handshake auth (GH-9460) (GH-9507)

[issue34670] Add set_post_handshake_auth for TLS 1.3

miss-islington added the comment: New changeset 2756ef31656399a120589b7aa19c32e2b91a4758 by Miss Islington (bot) (Christian Heimes) in branch '3.7': [3.7] bpo-34670: Add TLS 1.3 post handshake auth (GH-9460) (GH-9505)

[issue34670] Add set_post_handshake_auth for TLS 1.3

Change by Christian Heimes : -- pull_requests: +8914 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34670] Add set_post_handshake_auth for TLS 1.3

Change by Christian Heimes : -- pull_requests: +8912 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue34670] Add set_post_handshake_auth for TLS 1.3

miss-islington added the comment: New changeset 9fb051f032c36b9f6086b79086b4d6b7755a3d70 by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-34670: Add TLS 1.3 post handshake auth (GH-9460) https://github.com/python/cpython/commit/9fb051f032c36b9f6086b79086b4d6b7755a3d70

[issue34670] Add set_post_handshake_auth for TLS 1.3

Christian Heimes added the comment: Please note that SSL_verify_client_post_handshake() doesn't perform any IO by itself. A typical scenario for HTTP looks like this (actual flow may vary): * client * send ``HTTP GET /path`` * server * recv * verify_client_post_handshake * send HTTP

[issue34670] Add set_post_handshake_auth for TLS 1.3

Change by Christian Heimes : -- keywords: +patch pull_requests: +8874 stage: needs patch -> patch review ___ Python tracker ___ ___

[issue34670] Add set_post_handshake_auth for TLS 1.3

New submission from Christian Heimes : TLS 1.3 removed renegotiation in favor of rekeying and post handshake authentication (PHA). With PHA, a server can request a client certificate from a client at some point after the handshake. The feature is commonly used by HTTP server for conditional