Christian Heimes <li...@cheimes.de> added the comment: Thanks for your feature request, Hanno.
It's fairly easy to implement with current API for TLS protocols up to TLS 1.2, e.g. cipher suite "DEFAULT:!aRSA:!aDSS" or "aECDSA:!NULL" for ECDSA certs. However TLS 1.3 cipher suites no longer specify authentication and KE/KX algorithms, e.g. TLS13-AES-256-GCM-SHA384. I have to find a way to force OpenSSL's state machine to establish a connection with a specific authentication algorithm. Memo to me: TLS 1.3 also has EdDSA. ---------- nosy: +alex, dstufft, janssen versions: +Python 2.7, Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31892> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com