
bpo-32882: Added support for X25519 in SSLContext.set_ecdh_curve()

Open sruester opened this issue 7 years ago • 8 comments

bpo-32882: Added support for selecting X25519 in SSLContext.set_ecdh_curve()

https://bugs.python.org/issue32882

sruester, Feb 20 '18 10:02

Is this ever going to be implemented and/or backported to 3.7!?

VeNoMouS, May 06 '20 03:05

It is still intended to create a "unified" solution for TLS (https://www.python.org/dev/peps/pep-0543/). IMHO, until then we could well live with the "not unified, but usable" solution.

sruester, May 19 '20 07:05

I ended up writing my own C API implementation that takes the SSL context ptr address; that way I can just import it as a module.

VeNoMouS, May 19 '20 07:05

I replied to you on BPO twenty minutes after you opened the bug in 2018: https://bugs.python.org/issue32882#msg312408

tl;dr the improvement is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferably from an enum of supported curve names.

tiran, May 19 '20 12:05

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase "I have made the requested changes; please review again". I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

bedevere-bot, May 19 '20 13:05

> I replied to you on BPO twenty minutes after you opened the bug in 2018: https://bugs.python.org/issue32882#msg312408
>
> tl;dr the improvement is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferably from an enum of supported curve names.

I disagree, the user should also have the ability to set curves as they see fit and not be locked down by restrictions like they currently are.

Can't we have both? Have a default "preferable" list... but also give the functionality to manipulate OpenSSL with the functionality that is already available in OpenSSL and give power back to the user.

Just my 2 cents.

VeNoMouS, May 19 '20 21:05

Please use bugs.python.org for discussions.

tiran, May 19 '20 21:05

This PR is stale because it has been open for 30 days with no activity.

github-actions[bot], Aug 15 '22 00:08

With regard to https://scrapfly.io/blog/how-to-avoid-web-scraping-blocking-tls/, Python gets much less interesting for scraping or the like if we are not able to set the curves or SSL extensions ourselves.

sla-te, Oct 25 '22 19:10