[issue32882] SSLContext.set_ecdh_curve() not accepting x25519

2021-04-21 Thread sruester


sruester  added the comment:

PEP 543 was withdrawn in the meantime. Any suggestion how to proceed with this?

--
versions: +Python 3.10, Python 3.11, Python 3.9

___
Python tracker 
<https://bugs.python.org/issue32882>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue32883] Key agreement parameters not accessible

2018-02-20 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

How about a new method crypto_information() and making cipher() a wrapper 
around that one? The former could return a named tuple with handshake 
information together with all other relevant crypto information about the 
current session.

This would eliminate the need to define several new methods while keeping 
backwards compatibility of cipher().

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32883>
___



[issue32882] SSLContext.set_ecdh_curve() not accepting x25519

2018-02-20 Thread sruester

Change by sruester <stefan.rues...@rub.de>:


--
pull_requests: +5550

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32882>
___



[issue32882] SSLContext.set_ecdh_curve() not accepting x25519

2018-02-20 Thread sruester

Change by sruester <stefan.rues...@rub.de>:


--
keywords: +patch
pull_requests: +5549
stage: needs patch -> patch review

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32882>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-20 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

I agree, we shouldn't support that confusion. I opened two separate issues 
https://bugs.python.org/issue32882 and https://bugs.python.org/issue32883 and 
will close this one now.

--
resolution:  -> wont fix
stage: patch review -> resolved
status: open -> closed

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32883] Key agreement parameters not accessible

2018-02-20 Thread sruester

New submission from sruester <stefan.rues...@rub.de>:

Using Python it is not possible to retrieve information about the key 
exchange/agreement method that was used during session setup.

A method should be added to a suitable SSL* object that allows retrieving 
information such as whether ECDH with which curves, or DH, or neither was used.

--
assignee: christian.heimes
components: SSL
messages: 312406
nosy: christian.heimes, sruester
priority: normal
severity: normal
status: open
title: Key agreement parameters not accessible
type: enhancement

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32883>
___



[issue32882] SSLContext.set_ecdh_curve() not accepting x25519

2018-02-20 Thread sruester

New submission from sruester <stefan.rues...@rub.de>:

Using SSLContext.set_ecdh_curve() it is neither possible to choose X25519, nor 
to choose a list of curves to be used for key agreement.

--
assignee: christian.heimes
components: SSL
messages: 312405
nosy: christian.heimes, sruester
priority: normal
severity: normal
status: open
title: SSLContext.set_ecdh_curve() not accepting x25519

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32882>
___
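
Added example, not part of the original tracker messages or of the pull requests they mention: a probe that reports which curve names `SSLContext.set_ecdh_curve()` accepts on the running interpreter, plus a fallback helper for the single-curve limitation described in the report above. Whether X25519 is accepted depends on the Python and OpenSSL build, so the code reports it instead of assuming it; the curve list and the name `not-a-curve` are constructed sample input.

```python
import ssl


def probe_curves(names):
    """Map each curve name to None if set_ecdh_curve() accepts it, else the error text."""
    results = {}
    for name in names:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # fresh context per probe
        try:
            ctx.set_ecdh_curve(name)
        except (ValueError, ssl.SSLError) as exc:
            # ValueError: OpenSSL does not know the name at all.
            # SSLError: the name resolves, but OpenSSL could not apply it here.
            results[name] = f"{type(exc).__name__}: {exc}"
        else:
            results[name] = None
    return results


def apply_first_supported_curve(ctx, preference):
    """set_ecdh_curve() takes one name, so walk an ordered preference list
    and keep the first curve the runtime accepts. Returns the applied name."""
    errors = []
    for name in preference:
        try:
            ctx.set_ecdh_curve(name)
            return name
        except (ValueError, ssl.SSLError) as exc:
            errors.append(f"{name}: {exc}")
    raise ValueError("no curve in preference list accepted: " + "; ".join(errors))


if __name__ == "__main__":
    # Constructed sample input: X25519, two NIST curves and one bogus name.
    sample = ["X25519", "prime256v1", "secp384r1", "not-a-curve"]
    for curve, err in probe_curves(sample).items():
        status = "accepted" if err is None else f"rejected ({err})"
        print(f"{curve:12} {status}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("using:", apply_first_supported_curve(ctx, ["X25519", "prime256v1"]))
```

Running the probe at service start-up and logging the result makes it visible when a deployment silently falls back from X25519 to a NIST curve.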



[issue32858] Improve OpenSSL ECDH support

2018-02-19 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

AppVeyor build failed for pull request 5707. It looks like there was a problem 
with the build environment.

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-16 Thread sruester

Change by sruester <stefan.rues...@rub.de>:


--
pull_requests: +5495

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-16 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

I'd really love to see kxinfo() or a similar method in the standard. I chose to 
implement it similar to cipher() which seemed to be a good idea then. If there 
are any objections, please let's discuss how that information can be made 
available otherwise.
If that's ok, I will open another pull request which only contains kxinfo or 
similar. It is, however, not sufficient without set_ecdh_curve's support for 
X25519 in some cases (my case ^^).

Changing the implementation of set_ecdh_curve seems necessary anyway, as it 
does not support X25519 at all, and it does not allow defining multiple curves.

Maybe we can do both, update PEP 543 to address the needs and implement it (in 
an OpenSSL centric way) for the current version.

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-16 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

Attached script shows usage

--
Added file: https://bugs.python.org/file47449/ssl-host-check.py

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-16 Thread sruester

sruester <stefan.rues...@rub.de> added the comment:

With OpenSSL 1.1.0g, the code

 int nid = OBJ_sn2nid("X25519");
 EC_KEY *key = EC_KEY_new_by_curve_name(nid);
 printf("id:%i  key:%p\n", nid, key);

gives

 id:1034  key:(nil)

EC_KEY_new_by_curve_name is IMHO not the best option to define client side 
curves. It can only select a single curve to be offered to the server, and it 
does not (for whatever reason) support X25519 yet.
SSL_CTX_set1_curves_list() provides both, selection of multiple curves for the 
client's preference list and it supports X25519 out of the box.

Aside from this I am missing a method in SSLSocket to give me information about 
the key exchange (DH, ECDH, which curve was chosen, which bit size DH keys had, 
...).

I prepared a pull request which addresses both. Please review and be gentle, it 
is my first pull request here :-)

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___



[issue32858] Improve OpenSSL ECDH support

2018-02-16 Thread sruester

Change by sruester <stefan.rues...@rub.de>:


--
keywords: +patch
pull_requests: +5489
stage: needs patch -> patch review

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
___