[issue41195] Interface to OpenSSL's security level

2021-04-17 Thread Christian Heimes
Christian Heimes added the comment: The getter is available in 3.10. Thanks for your contribution! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue41195] Interface to OpenSSL's security level

2020-07-17 Thread miss-islington
miss-islington added the comment: New changeset 8e836bb21ce73f0794fd769db5883c29680dfe47 by matthewhughes934 in branch 'master': bpo-41195: Add getter for Openssl security level (GH-21282) https://github.com/python/cpython/commit/8e836bb21ce73f0794fd769db5883c29680dfe47 -- nosy:

[issue41195] Interface to OpenSSL's security level

2020-07-05 Thread Christian Heimes
Christian Heimes added the comment: Users can set the current security level in either an OpenSSL config file or with ctx.set_cipher("@SECLEVEL=i:..."). -- versions: +Python 3.10 ___ Python tracker

[issue41195] Interface to OpenSSL's security level

2020-07-04 Thread Antoine Pitrou
Antoine Pitrou added the comment: No strong feelings on this, but the OpenSSL runtime is not always packaged by a Linux distribution. (macOS, Windows and Anaconda come to mind) If one wants to retain the setter facility, one could raise a RuntimeWarning if the user *lowers* the actual

[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes
Change by Matthew Hughes : -- pull_requests: +20431 stage: -> patch review pull_request: https://github.com/python/cpython/pull/21282 ___ Python tracker ___

[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes
Matthew Hughes added the comment: > Applications should not change this setting > A read-only getter for the policy sounds like a good idea, though. Thanks for the feedback, sounds reasonable to me. I'll happily work on getting a PR up for the read-only setter. --

[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Christian Heimes
Christian Heimes added the comment: I'm not sure it's a good idea to expose a setter for security level. In general the security level is a system-wide policy decision that should be controlled by administrators. Applications should not change this setting. Python libraries tend to follow

[issue41195] Interface to OpenSSL's security level

2020-07-02 Thread Matthew Hughes
New submission from Matthew Hughes : While investigating Python's SSL I noticed there was no interface for interacting with OpenSSL's SSL_CTX_{get,set}_security_level (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_security_level.html) so I thought I'd look into adding one (see