Skip to content

Commit 67c4801

Browse files
tiranned-deily
authored andcommitted
bpo-32257: Add ssl.OP_NO_RENEGOTIATION (pythonGH-5904)
The ssl module now contains OP_NO_RENEGOTIATION constant, available with OpenSSL 1.1.0h or 1.1.1. Note, OpenSSL 1.1.0h hasn't been released yet. Signed-off-by: Christian Heimes <christian@python.org>
1 parent 19177fb commit 67c4801

3 files changed

Lines changed: 15 additions & 0 deletions

File tree

Doc/library/ssl.rst

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -803,6 +803,15 @@ Constants
803803
The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15,
804804
3.6.3 and 3.7.0 for backwards compatibility with OpenSSL 1.0.2.
805805

806+
.. data:: OP_NO_RENEGOTIATION
807+
808+
Disable all renegotiation in TLSv1.2 and earlier. Do not send
809+
HelloRequest messages, and ignore renegotiation requests via ClientHello.
810+
811+
This option is only available with OpenSSL 1.1.0h and later.
812+
813+
.. versionadded:: 3.7
814+
806815
.. data:: OP_CIPHER_SERVER_PREFERENCE
807816

808817
Use the server's cipher ordering preference, rather than the client's.
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
The ssl module now contains OP_NO_RENEGOTIATION constant, available with
2+
OpenSSL 1.1.0h or 1.1.1.

Modules/_ssl.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5845,6 +5845,10 @@ PyInit__ssl(void)
58455845
PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT",
58465846
SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
58475847
#endif
5848+
#ifdef SSL_OP_NO_RENEGOTIATION
5849+
PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",
5850+
SSL_OP_NO_RENEGOTIATION);
5851+
#endif
58485852

58495853
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
58505854
PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",

0 commit comments

Comments
 (0)