Christian Heimes <li...@cheimes.de> added the comment: Example implementation of get_server_certificate() with cert type: https://gist.github.com/tiran/6e7a5b00483376e164c951730db7d4e5
TLS 1.3 has a signature_algorithms extension that allows a client to have even more control over the selected certificate and signature algorithms. It defines authentication algorithm (RSA, ECDSA, EdDSA), signature scheme (PKCS#1 v1.5 or PKCS#1 v2.1 aka RSA-PSS for RSA, curve for ECDSA), and hashing algorithm (SHA-1, SHA-2 256/384/512). https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.2.3 I've contacted openssl maintainers and asked them for advice: https://mta.openssl.org/pipermail/openssl-users/2017-November/006834.html ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31892> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
