gh-136306: Add support for getting and setting SSL groups (#136307)

Add support for getting and setting groups used for key agreement.

* `ssl.SSLSocket.group()` returns the name of the group used
  for the key agreement of the current session establishment.
  This feature requires Python to be built with OpenSSL 3.2 or later.

* `ssl.SSLContext.get_groups()` returns the list of names of groups
  that are compatible with the TLS version of the current context.
  This feature requires Python to be built with OpenSSL 3.5 or later.

* `ssl.SSLContext.set_groups()` sets the groups allowed for key agreement
  for sockets created with this context. This feature is always supported.
Ron Frederick 2025-07-28 10:33:31 -07:00 committed by GitHub
parent 59e2330cf3
commit 377b787618
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 370 additions and 1 deletions

@ -931,6 +931,10 @@ class SSLObject:
ssl_version, secret_bits)``."""
return self._sslobj.cipher()
def group(self):
"""Return the currently selected key agreement group name."""
return self._sslobj.group()
def shared_ciphers(self):
"""Return a list of ciphers shared by the client during the handshake or
None if this is not a valid server connection.
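Review bot: The docstring on `SSLObject.group()` omits the build requirement stated in the commit message (OpenSSL 3.2 or later), so a caller reading `help()` cannot tell what to expect on an older build. Suggest extending it to name the requirement, the behaviour when it is not met, and the return value before the handshake has completed, the way the neighbouring `shared_ciphers()` docstring spells out its None case.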
@ -1210,6 +1214,14 @@ class SSLSocket(socket):
else:
return self._sslobj.cipher()
@_sslcopydoc
def group(self):
self._checkClosed()
if self._sslobj is None:
return None
else:
return self._sslobj.group()
@_sslcopydoc
def shared_ciphers(self):
self._checkClosed()
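Review bot: `SSLSocket.group()` returns None when `self._sslobj is None`, but the docstring it picks up through `@_sslcopydoc` only says "Return the currently selected key agreement group name." and never mentions None. Suggest documenting the None return for a socket without an SSL object, so that code which checks the negotiated group against a policy treats None as "nothing negotiated" instead of comparing it as a name. The branch mirrors `cipher()` directly above, which is good for consistency.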