Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--ssl — TLS 1.3 & Python 3.7 compatibility #722

Open
jaimejim opened this issue Oct 17, 2018 · 4 comments
Open

--ssl — TLS 1.3 & Python 3.7 compatibility #722

jaimejim opened this issue Oct 17, 2018 · 4 comments

Comments

@jaimejim
Copy link

Now that TLS1.3 is out [1] it would be great to add that to the list of supported ssl parameters.

[--ssl {ssl2.3,tls1,tls1.1,tls1.2}] [--cert CERT]

[1] https://tools.ietf.org/html/rfc8446
@ghost
Copy link

ghost commented Nov 1, 2018

I've tried to declare support (see the merge request). This would require OpenSSL v.1.1.1 (announcement) and the up-to-date python version (issue 33618 should be merged) merged.

jkbrzt pushed a commit that referenced this issue Nov 2, 2018
@jkbrzt
#722: Add support for tls1.3 (#724)
a7d5709 
* #722: Add support for tls1.3

* #722: Document the potential support for tls1.3
@jkbrzt
Copy link
Member

jkbrzt commented Nov 2, 2018

Merged, release coming soon. Cheers.

@jkbrzt jkbrzt closed this as completed Nov 2, 2018
@sethmlarson
Copy link

sethmlarson commented Jan 17, 2019
edited
Loading

Per Python 3.7's documentation there won't be a PROTOCOL_TLSv1_3 definition in the ssl module. To force the use TLSv1.3 in Python you have to do PROTOCOL_TLS | OP_NO_TLSv1_2 | OP_NO_TLSv1_1 | ...

@jkbrzt jkbrzt reopened this Feb 4, 2019
@jkbrzt jkbrzt changed the title TLS 1.3 --ssl — TLS 1.3 & Python 3.7 compatibility Feb 4, 2019
@jkbrzt jkbrzt added help wanted Extra attention is needed and removed help wanted Extra attention is needed labels Jun 18, 2020
@blyxxyz blyxxyz mentioned this issue Jun 16, 2021
Closed
@janbrasna janbrasna mentioned this issue May 10, 2022
Open
@janbrasna
Copy link
Contributor

janbrasna commented May 10, 2022
edited
Loading

@sethmlarson I actually think (and might have verified that in the past) that the current implementation works by running the constants in creating custom context through create_urllib3_context() that changes ssl.PROTOCOL_* to TLSVersion.* in background so that might be the reason this nonexistent "PROTOCOL_TLSv1_3" value fed into the lib does actually silently parse to TLSVersion.TLSv1_3 which itself is indeed valid for SSLContext.min|max* values. But yea, I wouldn't trust this construct not breaking anytime in the future with my life though;)

EDIT: Or I might have just been lucky that the server I tested against only supported TLSv1.3 or the cipher suite I tested meant using this highest version exclusively… so my observation might have been completely skewed 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace psf/requests with an unofficial fork Ousret/httpie
5 participants
@jkbrzt @janbrasna @jaimejim @sethmlarson and others