[issue34971] add support for tls/ssl sessions in asyncio

2019-06-06 Thread Cooper Lees


Change by Cooper Lees :


--
nosy: +cooperlees

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34971] add support for tls/ssl sessions in asyncio

2019-02-16 Thread Rémi Cardona

Rémi Cardona  added the comment:

Anything I can do to get the ball rolling?  Let me know who to get in touch 
with and *how*, and I will.  Thanks

--




[issue34971] add support for tls/ssl sessions in asyncio

2019-02-14 Thread Yury Selivanov


Yury Selivanov  added the comment:

Christian, do you think the sessions support shouldn't be added to asyncio in 
3.8?

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-11-07 Thread Rémi Cardona

Rémi Cardona  added the comment:

So, IOW, the ssl module needs a good shakeup wrt TLS 1.3 sessions before any 
asyncio work can be merged.  Am I getting this right?

In which case, a whole other issue/PR is needed and possibly better folks than 
me.  I try to stay clear of low-level crypto APIs because I don't trust myself 
to get things right.  Well… I certainly can look at it, but I fear I may be 
punching above my weight with this.

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-11-07 Thread Christian Heimes


Christian Heimes  added the comment:

The session code of the ssl is not compatible with TLS 1.3. Actually the whole 
API doesn't work with TLS 1.3. In TLS 1.2 and before, sessions had multiple 
security implications. For example they break PFS.

TLS 1.3 changed when sessions are exchanged and how sessions are resumed. 
Session data is no longer part of the handshake. Instead the server can send 
session tickets at any point after the handshake. A server can send multiple 
tickets (usually two) and tickets must only be reused once.

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-11-07 Thread Rémi Cardona

Rémi Cardona  added the comment:

Hi Christian,

Could you tell me more about this new openssl API? Right now my patch works 
with whatever the ssl module provides. Are you suggesting the ssl module is in 
some way incomplete? Would supporting TLS 1.3 sessions be incompatible with the 
current session API?

I'd like to help wherever possible, but I'm probably missing some context 
and/or knowledge around all things TLS in CPython.

Thanks

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-10-22 Thread Christian Heimes


Christian Heimes  added the comment:

Don't use the existing session feature, yet. It only works for TLS 1.2 
connections. TLS 1.3 behaves differently. There are multiple session tickets 
(usually two) and tickets are sent after handshake. Furthermore, Python lacks 
clear shutdown of a connection, which causes further problems with session 
handling. See https://www.openssl.org/docs/manmaster/man3/SSL_get_session.html

--
nosy: +christian.heimes
versions: +Python 3.8




[issue34971] add support for tls/ssl sessions in asyncio

2018-10-22 Thread Rémi Cardona

Rémi Cardona  added the comment:

Hi Andrew,

How should I proceed? What's the best avenue to get in touch with Yury?

Thanks

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-10-13 Thread Rémi Cardona

Change by Rémi Cardona :


--
keywords: +patch
pull_requests: +9214
stage:  -> patch review




[issue34971] add support for tls/ssl sessions in asyncio

2018-10-13 Thread Andrew Svetlov


Andrew Svetlov  added the comment:

TLS session support is awesome.

AFAIK ssl_proto.py is under heavy reconstruction now.
Please coordinate your work with Yury.

--




[issue34971] add support for tls/ssl sessions in asyncio

2018-10-13 Thread Rémi Cardona

New submission from Rémi Cardona :

CPython has had TLS session support since 3.6, using the SSLContext.wrap_* 
methods. Unfortunately, this support is not available when using asyncio's 
create_connection.

While I've managed to monkeypatch asyncio.sslproto._SSLPipe from my own code 
(it's a filthy hack but it's short and it gets the job done) running on 3.6.6, 
I feel this should be properly supported out of the box.

A patch is ready (tests work), a GitHub PR will be created shortly.

Notes in no particular order:
- argument and attribute naming is all over the place, but I could not decide 
between "sslsession" (matching "sslcontext") and "ssl_session" (matching 
"ssl_handshake_timeout") so I just picked one
- tested on jessie (with openssl 1.0.2 from jessie-backports) and on gentoo
- the new asyncio tests added in the patch are adapted from test_ssl.py's 
test_session, with the server-side stats left out. I felt they were not useful 
if one assumes that the hard work is done by SSLContext.wrap_*.
- I did not reuse test_asyncio.utils.run_test_server which AIUI creates a new 
server-side context for each incoming connection, thus breaking sessions 
completely

TIA for considering this bug and patch

--
components: asyncio
messages: 327638
nosy: RemiCardona, asvetlov, yselivanov
priority: normal
severity: normal
status: open
title: add support for tls/ssl sessions in asyncio
type: enhancement
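
Added example (not part of the thread and not taken from the patch): the session support the submission refers to, shown with the `session=` argument of `SSLContext.wrap_bio` over in-memory BIOs and pinned to TLS 1.2, the only case the thread says the current API handles. The helper names are hypothetical, and the throwaway certificate assumes an `openssl` CLI (1.1.1 or later) on PATH.

```python
import os, ssl, subprocess, tempfile

def make_cert(directory):
    """Constructed throwaway self-signed cert for 'localhost' (openssl CLI assumed)."""
    key, crt = os.path.join(directory, "k.pem"), os.path.join(directory, "c.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1",
                    "-subj", "/CN=localhost",
                    "-addext", "subjectAltName=DNS:localhost"],
                   check=True, capture_output=True)
    return crt, key

def handshake(cctx, sctx, session=None):
    """Run one handshake entirely in memory; return the client-side SSLObject."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cctx.wrap_bio(c_in, c_out, server_hostname="localhost", session=session)
    server = sctx.wrap_bio(s_in, s_out, server_side=True)
    pending = {client, server}
    while pending:
        for obj in (client, server):
            if obj in pending:
                try:
                    obj.do_handshake()
                    pending.discard(obj)
                except ssl.SSLWantReadError:
                    pass  # needs the peer's next flight
        # Shuttle whatever each side produced to the other side's input BIO.
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            if src.pending:
                dst.write(src.read())
    return client

def demo():
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_cert(d)
        sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        sctx.load_cert_chain(crt, key)          # one server context for both
        cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cctx.load_verify_locations(crt)         # connections, or resumption breaks
    # Pin TLS 1.2: there the session is established inside the handshake.
    cctx.maximum_version = ssl.TLSVersion.TLSv1_2
    first = handshake(cctx, sctx)
    second = handshake(cctx, sctx, session=first.session)
    return first.session_reused, second.session_reused, second.version()

if __name__ == "__main__":
    print(demo())
```

Both handshakes share one server-side context, which is the same constraint the submission notes about `run_test_server` creating a new context per connection.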
