asyncio: Add PHA for TLS 1.3

Open 7a3a32a2-a4ff-461f-80bc-e2e81274cfbf opened this issue 7 years ago • 1 comments

BPO 34847
Nosy @fantix, @asvetlov, @1st1
PRs
  • python/cpython#9460
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2018-09-30.03:52:14.621>
    labels = ['type-bug', '3.8', 'expert-asyncio']
    title = 'asyncio: Add PHA for TLS 1.3'
    updated_at = <Date 2018-09-30.03:54:16.138>
    user = 'https://github.com/fantix'
    

    bugs.python.org fields:

    activity = <Date 2018-09-30.03:54:16.138>
    actor = 'christian.heimes'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['asyncio']
    creation = <Date 2018-09-30.03:52:14.621>
    creator = 'fantix'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 34847
    keywords = ['patch']
    message_count = 1.0
    messages = ['326700']
    nosy_count = 3.0
    nosy_names = ['fantix', 'asvetlov', 'yselivanov']
    pr_nums = ['9460']
    priority = 'normal'
    resolution = None
    stage = 'patch review'
    status = 'open'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue34847'
    versions = ['Python 3.8']
    

    This was raised in GH-9460, where the same post-handshake authentication (PHA) was added to the ssl module. It should be added to asyncio too. This issue is to discuss the design of the PHA API in asyncio, and implement it in Python 3.8.

    One approach is to add _SSLProtocolTransport.verify_client_post_handshake(), but an additional new transport mixin type to asyncio/transports.py would be needed (Yury).

    Yury also proposed another option: to use the get_extra_info() API to get something like an "SSLExtra" object with additional APIs.

    There have been no user requests for this feature and we are unlikely to expand the tls API, hence closing.

    kumaraditya303, Apr 20 '23 10:04

    In case this is still being read, I was hoping for this functionality to support creating a WSMan service for Windows Event Forwarding. The WSMan service uses the post-handshake auth feature for certificate authentication.

    jborean93, May 11 '24 00:05

    I'm sorry, but nobody appears to be available to implement this.

    gvanrossum, May 11 '24 01:05

    All good, I assumed as much; I just wanted to put some use cases for such a feature out there. I'm looking into alternatives, but alas I think I need to manually wrap my data with wrap_bio, as the sync variant only seems to work when you send actual data, with no way of just doing the new handshake only.

    jborean93, May 11 '24 01:05