gh-77063: Added support for X25519 in SSLContext.set_ecdh_curve() #5771

Open
wants to merge 2 commits into
base: main

@sruester sruester commented Feb 20, 2018

bpo-32882: Added support for selecting X25519 in SSLContext.set_ecdh_curve()

https://bugs.python.org/issue32882

@VeNoMouS

VeNoMouS commented May 6, 2020

Is this ever going to be implemented? And/or backported to 3.7!?

@sruester
Author

It is still intended to create a "unified" solution for TLS (https://www.python.org/dev/peps/pep-0543/). IMHO, until then we could well live with the "not unified, but usable" solution.

@VeNoMouS

VeNoMouS commented May 19, 2020

I ended up writing my own C API implementation that takes the ssl context ptr address; that way I can just import it as a module.

@tiran
Member

tiran commented May 19, 2020

I replied to you on BPO twenty minutes after you opened the bug in 2018, https://bugs.python.org/issue32882#msg312408

tl;dr the improvement is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferably from an enum of supported curve names.

Member

@tiran tiran left a comment

See comments on BPO. New APIs should be generic and try to avoid OpenSSL-specific conventions. Let's discuss the new API on BPO first.

PS: I wasn't aware of this PR until your comments pushed it to the top of sort:updated-desc and I just happened to browse the first page. It was created before we had CODEOWNERS assignment fully configured.

@bedevere-bot

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase "I have made the requested changes; please review again". I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@VeNoMouS

VeNoMouS commented May 19, 2020

> I replied to you on BPO twenty minutes after you opened the bug in 2018, https://bugs.python.org/issue32882#msg312408
>
> tl;dr the improvement is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferably from an enum of supported curve names.

I disagree; the user should also have the ability to set curves as they see fit and not be locked down by restrictions like they currently are.

Can't we have both? Have a default "preferable" list... but also give the functionality to manipulate OpenSSL with the functionality that is already available in OpenSSL and give power back to the user.

Just my 2 cents.

@tiran
Member

tiran commented May 19, 2020

Please use bugs.python.org for discussions.

@github-actions

This PR is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Aug 15, 2022

@sla-te

sla-te commented Oct 25, 2022

With regards to https://scrapfly.io/blog/how-to-avoid-web-scraping-blocking-tls/, Python gets much less interesting for scraping or alike if we are not able to set the curves or SSL extensions ourselves.

@arhadthedev arhadthedev changed the title from "bpo-32882: Added support for X25519 in SSLContext.set_ecdh_curve()" to "gh-77063: Added support for X25519 in SSLContext.set_ecdh_curve()" Feb 7, 2023

@github-actions github-actions bot removed the stale label May 8, 2023

This PR is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Aug 24, 2024

Labels: awaiting changes, stale, topic-SSL