python / cpython

The Python programming language
https://www.python.org

Example requires exactly TLSv1.3, but explanation says TLSv1.2 and later #95816

Open qris opened 2 years ago

qris commented 2 years ago

Documentation

The example at https://docs.python.org/3/library/ssl.html#protocol-versions says:

```python
client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
client_context.minimum_version = ssl.TLSVersion.TLSv1_3
client_context.maximum_version = ssl.TLSVersion.TLSv1_3
```

Which should require exactly TLSv1.3 (no higher or lower). But the explanation then says:

> The SSL context created above will only allow TLSv1.2 and later (if supported by your system) connections to a server.

I think this is an incorrect statement. I also think the example is not ideal, as it would be strange to refuse to use more recent versions of TLS if they were supported.

graingert commented 2 years ago

I think I've opened this one somewhere

janbrasna commented 9 months ago

Related:

Not entirely fixed as of today, as the edits were made to TLS v1.3 as min/max, yet the explainer says TLSv1.3 or newer, which is still wrong.

So the question is: should the max be changed to MAXIMUM_SUPPORTED (or left out completely?) or the description altered to say it's exactly TLS v1.3 only? Maybe it should be changed back to ssl.TLSVersion.TLSv1_2 to demonstrate a range of versions as proposed via https://github.com/python/cpython/issues/105090#issuecomment-1650591893 in #107273 …?
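The three variants discussed in this thread, compared side by side. This is an added example, not part of the issue or the CPython documentation; `make_client_context`, `admitted_versions` and `describe` are hypothetical helper names, and the result reflects only the configured `minimum_version`/`maximum_version` bounds, not what the local OpenSSL build or system policy actually enables.

```python
import ssl

V = ssl.TLSVersion
# Concrete protocol versions in ascending order (the two sentinels excluded).
_CONCRETE = [V.SSLv3, V.TLSv1, V.TLSv1_1, V.TLSv1_2, V.TLSv1_3]


def make_client_context(minimum, maximum):
    """Build a client context with explicit version bounds (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = minimum
    ctx.maximum_version = maximum
    return ctx


def admitted_versions(ctx):
    """Concrete versions that fall inside the context's configured bounds."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # The sentinels mean "no bound on this side", so widen to the list ends.
    lo = _CONCRETE[0] if lo == V.MINIMUM_SUPPORTED else lo
    hi = _CONCRETE[-1] if hi == V.MAXIMUM_SUPPORTED else hi
    return [v for v in _CONCRETE if lo <= v <= hi]


def describe(ctx):
    """Phrase the bounds the way the documentation sentence would have to."""
    versions = admitted_versions(ctx)
    open_ended = ctx.maximum_version == V.MAXIMUM_SUPPORTED
    if not versions:
        return "no version"
    if open_ended:
        # Only an unbounded maximum justifies the wording "and later".
        return f"{versions[0].name} and later"
    if len(versions) == 1:
        return f"exactly {versions[0].name}"
    return f"{versions[0].name} through {versions[-1].name}"


if __name__ == "__main__":
    cases = {
        "example as documented": (V.TLSv1_3, V.TLSv1_3),
        "max = MAXIMUM_SUPPORTED": (V.TLSv1_3, V.MAXIMUM_SUPPORTED),
        "min changed back to TLSv1_2": (V.TLSv1_2, V.TLSv1_3),
    }
    for label, (lo, hi) in cases.items():
        print(f"{label}: {describe(make_client_context(lo, hi))}")
```
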