From 5dc698861c91b4aa83b284b282c0e91cdcee49a3 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Wed, 10 Mar 2021 22:35:24 +0100 Subject: Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985) * add Context.set_*_proto_version, fix #860 * docs: add new openssl tls methods * accept the fact that nothing can be taken for granted * bump minimum required cryptography version to 3.3 * drop support for Python 3.5 * use binary wheels for cryptography * Revert "use binary wheels for cryptography" This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1. * docker ci: compile cryptography with rust --- doc/api/ssl.rst | 19 ++++++++++++++++--- doc/introduction.rst | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst index ead1452..630ebfc 100644 --- a/doc/api/ssl.rst +++ b/doc/api/ssl.rst @@ -10,7 +10,10 @@ This module handles things specific to SSL. There are two objects defined: Context, Connection. -.. py:data:: SSLv2_METHOD +.. py:data:: TLS_METHOD + TLS_SERVER_METHOD + TLS_CLIENT_METHOD + SSLv2_METHOD SSLv3_METHOD SSLv23_METHOD TLSv1_METHOD @@ -18,11 +21,21 @@ Context, Connection. TLSv1_2_METHOD These constants represent the different SSL methods to use when creating a - context object. If the underlying OpenSSL build is missing support for any - of these protocols, constructing a :py:class:`Context` using the + context object. New code should only use ``TLS_METHOD``, ``TLS_SERVER_METHOD``, + or ``TLS_CLIENT_METHOD``. If the underlying OpenSSL build is missing support + for any of these protocols, constructing a :py:class:`Context` using the corresponding :py:const:`*_METHOD` will raise an exception. +.. py:data:: SSL3_VERSION + TLS1_VERSION + TLS1_1_VERSION + TLS1_2_VERSION + TLS1_3_VERSION + + These constants represent the different TLS versions to use when + setting the minimum or maximum TLS version. + .. py:data:: VERIFY_NONE VERIFY_PEER VERIFY_FAIL_IF_NO_PEER_CERT diff --git a/doc/introduction.rst b/doc/introduction.rst index a810fbb..2879829 100644 --- a/doc/introduction.rst +++ b/doc/introduction.rst @@ -14,7 +14,7 @@ Other OpenSSL wrappers for Python at the time were also limited, though in diffe Later it was maintained by `Jean-Paul Calderone`_ who among other things managed to make pyOpenSSL a pure Python project which the current maintainers are *very* grateful for. Over the time the standard library's ``ssl`` module improved, never reaching the completeness of pyOpenSSL's API coverage. -Despite `PEP 466`_ many useful features remain Python 3-only and pyOpenSSL remains the only alternative for full-featured TLS code across all noteworthy Python versions from 2.7 through 3.5 and PyPy_. +Despite `PEP 466`_ many useful features remain Python 3-only and pyOpenSSL remains the only alternative for full-featured TLS code across all noteworthy Python versions from 2.7 through 3.6 and PyPy_. Development -- cgit v1.2.1