diff options
| author | Christian Heimes <christian@python.org> | 2018-05-22 22:50:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-22 22:50:12 +0200 |
| commit | e8eb6cb7920ded66abc5d284319a8539bdc2bae3 (patch) | |
| tree | 6c86c439524b77e25571201b59986d3dc5c61579 /Doc/library/ssl.rst | |
| parent | 6c4fab0f4b95410a1a964a75dcdd953697eff089 (diff) | |
| download | cpython-git-e8eb6cb7920ded66abc5d284319a8539bdc2bae3.tar.gz | |
bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Also update multissltests and Travis config to test with latest OpenSSL.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Doc/library/ssl.rst')
| -rw-r--r-- | Doc/library/ssl.rst | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index dcb26664fe..2ccea13b61 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -169,11 +169,6 @@ purposes. 3DES was dropped from the default cipher string. - .. versionchanged:: 3.7 - - TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, - and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string. - Exceptions ^^^^^^^^^^ @@ -1601,6 +1596,9 @@ to speed up repeated connections from the same clients. when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will give the currently selected cipher. + OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The suites + cannot be disabled with :meth:`~SSLContext.set_ciphers`. + .. method:: SSLContext.set_alpn_protocols(protocols) Specify which protocols the socket should advertise during the SSL/TLS |