https://github.com/python/cpython/commit/4f59f8638267aa64ad2daa0111d8b7fdc2499834 commit: 4f59f8638267aa64ad2daa0111d8b7fdc2499834 branch: main author: mm-matthias <[email protected]> committer: gpshead <[email protected]> date: 2024-06-16T13:27:44-07:00 summary:
gh-118596: Add thread-safety clarifications to the SSLContext documentation (#118597) Add thread-safety clarifications to the SSLContext documentation. Per the issue: This issue has also come up [here](https://github.com/psf/requests/pull/6667) where the matter was clarified by @tiran in [this comment](https://github.com/psf/requests/pull/6667): > `SSLContext` is designed to be shared and used for multiple connections. It > is thread safe as long as you don't reconfigure it once it is used by a > connection. Adding new certs to the internal trust store is fine, but > changing ciphers, verification settings, or mTLS certs can lead to surprising > behavior. The problem is unrelated to threads and can even occur in a > single-threaded program. files: M Doc/library/ssl.rst diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 99abf45469018e..dc72f67c6361e2 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -1472,6 +1472,19 @@ to speed up repeated connections from the same clients. :data:`PROTOCOL_TLS`, :data:`PROTOCOL_TLS_CLIENT`, and :data:`PROTOCOL_TLS_SERVER` use TLS 1.2 as minimum TLS version. + .. note:: + + :class:`SSLContext` only supports limited mutation once it has been used + by a connection. Adding new certificates to the internal trust store is + allowed, but changing ciphers, verification settings, or mTLS + certificates may result in surprising behavior. + + .. note:: + + :class:`SSLContext` is designed to be shared and used by multiple + connections. + Thus, it is thread-safe as long as it is not reconfigured after being + used by a connection. :class:`SSLContext` objects have the following methods and attributes: _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-checkins.python.org/ Member address: [email protected]
