Skip to content

Add ability to TLS 1.3 cipher suites on SSL Context #1432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add ability to TLS 1.3 cipher suites on SSL Context #1432

wants to merge 1 commit into from

Conversation

schwabe
Copy link
Contributor

@schwabe schwabe commented Jul 15, 2025

No description provided.

@schwabe
Copy link
Contributor Author

schwabe commented Jul 15, 2025

Needs test + changelog entry.

@schwabe schwabe force-pushed the set_tls13_ciphersuites branch from 0f13c17 to 406e319 Compare July 16, 2025 08:35
@alex
Copy link
Member

alex commented Jul 17, 2025

should be possible to rebase on main to resolve the CI issues

@schwabe schwabe force-pushed the set_tls13_ciphersuites branch 2 times, most recently from 182450c to c6fe5df Compare July 17, 2025 11:20
alex
alex reviewed Jul 17, 2025
View reviewed changes
src/OpenSSL/SSL.py Outdated

.. versionadded:: 25.2.0
"""
ciphersuites = _text_to_bytes_and_warn("ciphersuites", ciphersuites)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No warning for new APIs, we should strictly enforce types.

tests/test_ssl.py Outdated
)
def test_set_cipher_list(
def test_set_ciphersuites(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need tests for both, you can't get rid of the old test.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my mistake I copied the old and then messed up the existing one.

@schwabe schwabe force-pushed the set_tls13_ciphersuites branch 2 times, most recently from 8d7e2dd to 07815b9 Compare July 17, 2025 15:02
@schwabe schwabe force-pushed the set_tls13_ciphersuites branch from 07815b9 to 09a3e1f Compare July 17, 2025 15:42
alex
alex reviewed Jul 18, 2025
View reviewed changes
src/OpenSSL/SSL.py
@@ -1501,6 +1504,29 @@ def set_cipher_list(self, cipher_list: bytes) -> None:
],
)

@_require_not_used
def set_ciphersuites(self, ciphersuites: bytes) -> None:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@reaperhulk should this be set_tls13_ciphersuites, or just match the OpenSSL name?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I think we should put tls13 in there even though it's inconsistent with OpenSSL itself. Marginally less confusing to consumers or people reading code who haven't memorized the docstrings for every function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex alex alex left review comments

@reaperhulk reaperhulk reaperhulk left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@schwabe @alex @reaperhulk