python / cpython

The Python programming language
https://www.python.org

Key agreement parameters not accessible #77064

Open 9c63a5ca-3c96-4ba4-bf79-17db4cacd9c3 opened 6 years ago

9c63a5ca-3c96-4ba4-bf79-17db4cacd9c3 commented 6 years ago
BPO 32883
Nosy @tiran, @sruester
Superseder
  • bpo-32858: Improve OpenSSL ECDH support
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:
    ```python
    assignee = 'https://github.com/tiran'
    closed_at = None
    created_at =
    labels = ['expert-SSL', 'type-feature', '3.8']
    title = 'Key agreement parameters not accessible'
    updated_at =
    user = 'https://github.com/sruester'
    ```

    bugs.python.org fields:
    ```python
    activity =
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = False
    closed_date = None
    closer = None
    components = ['SSL']
    creation =
    creator = 'sruester'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 32883
    keywords = []
    message_count = 3.0
    messages = ['312406', '312409', '312417']
    nosy_count = 2.0
    nosy_names = ['christian.heimes', 'sruester']
    pr_nums = []
    priority = 'normal'
    resolution = None
    stage = 'needs patch'
    status = 'open'
    superseder = '32858'
    type = 'enhancement'
    url = 'https://bugs.python.org/issue32883'
    versions = ['Python 3.8']
    ```

    9c63a5ca-3c96-4ba4-bf79-17db4cacd9c3 commented 6 years ago

    Using Python, it is not possible to retrieve information about the key exchange/agreement method that was used during session setup.

    A method should be added to a suitable SSL* object that allows retrieving information such as whether ECDH (and with which curves), DH, or neither was used.

    tiran commented 6 years ago

    I'd prefer to have a generic handshake info method that returns a structured object like a named tuple with handshake information. We could start with key exchange / key agreement, TLS version, cipher suite, etc. Later the method could be extended and include information such as signature algorithms, offered suites and versions (server-side), and more.

    9c63a5ca-3c96-4ba4-bf79-17db4cacd9c3 commented 6 years ago

    How about a new method crypto_information() and making cipher() a wrapper around that one? The former could return a named tuple with handshake information together with all other relevant crypto information about the current session.

    This would eliminate the need to define several new methods while keeping backwards compatibility of cipher().
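An added example, not part of the original thread and not CPython's API: a sketch of the structured handshake object discussed above, built only from the tuple that `SSLSocket.cipher()` already returns. `HandshakeInfo` and `handshake_info()` are hypothetical names, and the prefix table assumes OpenSSL-style suite names. It shows the gap this issue describes: the key agreement family can be guessed from a TLS 1.2 suite name, but the curve or DH group cannot be recovered.

```python
from collections import namedtuple

# Hypothetical structure modelled on the named tuple proposed in the thread.
HandshakeInfo = namedtuple(
    "HandshakeInfo", "protocol cipher_suite secret_bits key_agreement group"
)

# Assumed OpenSSL-style name prefixes for TLS <= 1.2 suites, most specific first.
_PREFIXES = [
    ("ECDHE-", "ECDHE"), ("AECDH-", "ECDH-anon"), ("ECDH-", "ECDH-static"),
    ("DHE-", "DHE"), ("EDH-", "DHE"), ("ADH-", "DH-anon"), ("DH-", "DH-static"),
    ("RSA-PSK-", "RSA-PSK"), ("PSK-", "PSK"), ("SRP-", "SRP"),
]


def handshake_info(cipher_tuple):
    """Build a HandshakeInfo from the (name, protocol, secret_bits) tuple
    returned by SSLSocket.cipher(); returns None if no handshake happened."""
    if cipher_tuple is None:  # cipher() returns None before the handshake
        return None
    name, protocol, bits = cipher_tuple
    if protocol == "TLSv1.3":
        # TLS 1.3 suite names carry only the AEAD and hash; key agreement is
        # negotiated separately, so the name says nothing about it.
        key_agreement = "(EC)DHE or PSK"
    else:
        # OpenSSL names RSA key-transport suites without a prefix, so RSA is
        # the fallback; an unrecognised suite would also land here.
        key_agreement = next(
            (family for prefix, family in _PREFIXES if name.startswith(prefix)),
            "RSA",
        )
    # The negotiated curve or DH group is not derivable from cipher() output.
    return HandshakeInfo(protocol, name, bits, key_agreement, None)


# Typical use on a connected socket: handshake_info(ssl_sock.cipher())
```

The `group` field is always `None` here, which is the information the issue asks the `ssl` module to expose.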