New submission from Christian Heimes:
SSLContext has a set_ciphers() method but no method to get the actual list of
enabled ciphers. https://github.com/tiran/cpython/tree/feature/openssl_ciphers
implements get_ciphers()
>>> import ssl, pprint
>>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')
>>> pprint.pprint(ctx.get_ciphers())
[{'alg_bits': 256,
'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA '
'Enc=AESGCM(256) Mac=AEAD',
'id': 50380848,
'name': 'ECDHE-RSA-AES256-GCM-SHA384',
'protocol': 'TLSv1/SSLv3',
'strength_bits': 256},
{'alg_bits': 128,
'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA '
'Enc=AESGCM(128) Mac=AEAD',
'id': 50380847,
'name': 'ECDHE-RSA-AES128-GCM-SHA256',
'protocol': 'TLSv1/SSLv3',
'strength_bits': 128}]
With OpenSSL 1.1 the dict will have more fields.
Both the return value and functionality is different to
https://docs.python.org/3/library/ssl.html#ssl.SSLSocket.shared_ciphers .
----------
components: Library (Lib)
messages: 273703
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen
priority: normal
severity: normal
status: open
title: ssl: get list of enabled ciphers
type: enhancement
versions: Python 3.6
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue27866>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
