Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-32882: Added support for X25519 in SSLContext.set_ecdh_curve() #5771

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

bpo-32882: Added support for X25519 in SSLContext.set_ecdh_curve() #5771

wants to merge 1 commit into from
+16 −16

Conversation

sruester
Copy link

@sruester sruester commented Feb 20, 2018
edited by bedevere-bot

bpo-32882: Added support for selecting X25519 in SSLContext.set_ecdh_curve()

https://bugs.python.org/issue32882

@VeNoMouS
Copy link

@VeNoMouS VeNoMouS commented May 6, 2020
edited

Is this ever going to be implemented? and/or backported to 3.7!?

@sruester
Copy link
Author

@sruester sruester commented May 19, 2020

It is still intended to create a "unified" solution for TLS (https://www.python.org/dev/peps/pep-0543/). IMHO, until then we could well live with the "not unified, but usable" solution.

@VeNoMouS
Copy link

@VeNoMouS VeNoMouS commented May 19, 2020
edited

I ended up writing my own C API implementation that takes the ssl context ptr address, that way i can just import it as a module

@tiran
Copy link
Member

@tiran tiran commented May 19, 2020

I have replied to you on BPO twenty minutes after you have opened the bug in 2018, https://bugs.python.org/issue32882#msg312408

tl;dr the improve is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferable from an enum of supported curve names.

tiran
tiran requested changes May 19, 2020
View changes
Copy link
Member

@tiran tiran left a comment

See comments on BPO. New APIs should be generic and try to avoid OpenSSL-specific conventions. Let's discuss the new API on BPO first.

PS: I wasn't aware of this PR until your comments pushed it to the top of sort:updated-desc and I just happened to browse the first page. It was created before we had CODEOWNERS assignment fully configured.

@bedevere-bot
Copy link

@bedevere-bot bedevere-bot commented May 19, 2020

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@VeNoMouS
Copy link

@VeNoMouS VeNoMouS commented May 19, 2020
edited

I have replied to you on BPO twenty minutes after you have opened the bug in 2018, https://bugs.python.org/issue32882#msg312408

tl;dr the improve is a good idea in general, but the API should be more generic and not require the user to know curve names. Therefore I proposed to use a list of curve names, preferable from an enum of supported curve names.

I disagree, the user should also have the ability to set curves as they see fit and not be locked down by restrictions like they currently are.

Can't we have both? have a default "preferable" list... but also give the functionality to manipulate OpenSSL with the functionality that is already available in OpensSSL and give power back to the user.

Just my 2 cents.

@tiran
Copy link
Member

@tiran tiran commented May 19, 2020

Please use bugs.python.org for discussions.

@sruester sruester mannequin mentioned this pull request Apr 22, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiran tiran

Assignees
No one assigned
Labels
awaiting changes CLA signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sruester @VeNoMouS @tiran @bedevere-bot @the-knights-who-say-ni