[issue34971] add support for tls/ssl sessions in asyncio

Change by Cooper Lees : -- nosy: +cooperlees ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyt

[issue34971] add support for tls/ssl sessions in asyncio

Rémi Cardona added the comment: Anything I can do to get the ball rolling? Let me know who to get in touch with and *how*, and I will. Thanks -- ___ Python tracker ___ _

[issue34971] add support for tls/ssl sessions in asyncio

Yury Selivanov added the comment: Christian, do you think the sessions support shouldn't be added to asyncio in 3.8? -- ___ Python tracker ___ ___

[issue34971] add support for tls/ssl sessions in asyncio

Rémi Cardona added the comment: So, IOW, the ssl module needs a good shakeup wrt TLS 1.3 sessions before any asyncio work can be merged. Am I getting this right? In which case, a whole other issue/PR is needed and possibly better folks than me. I try to stay clear of low-level crypto APIs b

[issue34971] add support for tls/ssl sessions in asyncio

Christian Heimes added the comment: The session code of the ssl is not compatible with TLS 1.3. Actually the whole API doesn't work with TLS 1.3. In TLS 1.2 and before, sessions had multiple security implications. For example they break PFS. TLS 1.3 changed when sessions are exchanged and ho

[issue34971] add support for tls/ssl sessions in asyncio

Rémi Cardona added the comment: Hi Christian, Could you tell me more about this new openssl API? Right now my patch works with whatever the ssl module provides. Are you suggesting the ssl module is in some way incomplete? Would supporting TLS 1.3 sessions be incompatible with the current ses

[issue34971] add support for tls/ssl sessions in asyncio

Christian Heimes added the comment: Don't use the existing session feature, yet. It only works for TLS 1.2 connections. TLS 1.3 behaves differently. There are multiple session tickets (usually two) and tickets are sent after handshake. Further more, Python lacks clear shutdown of a connectio

[issue34971] add support for tls/ssl sessions in asyncio

Rémi Cardona added the comment: Hi Andrew, How should I proceed? What's the best avenue to get in touch with Yuri? Thanks -- ___ Python tracker ___ __

[issue34971] add support for tls/ssl sessions in asyncio

Change by Rémi Cardona : -- keywords: +patch pull_requests: +9214 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-list

[issue34971] add support for tls/ssl sessions in asyncio

Andrew Svetlov added the comment: TLS session support is awesome. IFAIK ssl_proto.py is under heavy reconstruction now. Please coordinate your work with Yuri. -- ___ Python tracker _

[issue34971] add support for tls/ssl sessions in asyncio

New submission from Rémi Cardona : cpython has had TLS session support since 3.6, using the SSLContext.wrap_* methods. Unfortunately, this support is not available when using asyncio's create_connection. While I've managed to monkeypatch asyncio.sslproto._SSLPipe from my own code (it's a filt