[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877)
The ssl module now contains OP_NO_RENEGOTIATION constant, available with
OpenSSL 1.1.0h or 1.1.1.
Note, OpenSSL 1.1.0h hasn't been released yet.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 67c4801663
)
Co-authored-by: Christian Heimes <christian@python.org>
This commit is contained in:
parent
51b2f6d3a3
commit
e2db6ad1d9
|
@ -803,6 +803,15 @@ Constants
|
|||
The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15,
|
||||
3.6.3 and 3.7.0 for backwards compatibility with OpenSSL 1.0.2.
|
||||
|
||||
.. data:: OP_NO_RENEGOTIATION
|
||||
|
||||
Disable all renegotiation in TLSv1.2 and earlier. Do not send
|
||||
HelloRequest messages, and ignore renegotiation requests via ClientHello.
|
||||
|
||||
This option is only available with OpenSSL 1.1.0h and later.
|
||||
|
||||
.. versionadded:: 3.7
|
||||
|
||||
.. data:: OP_CIPHER_SERVER_PREFERENCE
|
||||
|
||||
Use the server's cipher ordering preference, rather than the client's.
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
The ssl module now contains OP_NO_RENEGOTIATION constant, available with
|
||||
OpenSSL 1.1.0h or 1.1.1.
|
|
@ -5845,6 +5845,10 @@ PyInit__ssl(void)
|
|||
PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT",
|
||||
SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
|
||||
#endif
|
||||
#ifdef SSL_OP_NO_RENEGOTIATION
|
||||
PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",
|
||||
SSL_OP_NO_RENEGOTIATION);
|
||||
#endif
|
||||
|
||||
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
|
||||
PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",
|
||||
|
|
Loading…
Reference in New Issue