[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877)

The ssl module now contains OP_NO_RENEGOTIATION constant, available with
OpenSSL 1.1.0h or 1.1.1.

Note, OpenSSL 1.1.0h hasn't been released yet.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 67c4801663)

Co-authored-by: Christian Heimes <christian@python.org>
This commit is contained in:
Miss Islington (bot) 2018-05-16 07:26:19 -07:00 committed by Christian Heimes
parent 51b2f6d3a3
commit e2db6ad1d9
3 changed files with 15 additions and 0 deletions

View File

@ -803,6 +803,15 @@ Constants
The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15,
3.6.3 and 3.7.0 for backwards compatibility with OpenSSL 1.0.2.
.. data:: OP_NO_RENEGOTIATION
Disable all renegotiation in TLSv1.2 and earlier. Do not send
HelloRequest messages, and ignore renegotiation requests via ClientHello.
This option is only available with OpenSSL 1.1.0h and later.
.. versionadded:: 3.7
.. data:: OP_CIPHER_SERVER_PREFERENCE
Use the server's cipher ordering preference, rather than the client's.

View File

@ -0,0 +1,2 @@
The ssl module now contains OP_NO_RENEGOTIATION constant, available with
OpenSSL 1.1.0h or 1.1.1.

View File

@ -5845,6 +5845,10 @@ PyInit__ssl(void)
PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT",
SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
#endif
#ifdef SSL_OP_NO_RENEGOTIATION
PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",
SSL_OP_NO_RENEGOTIATION);
#endif
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",