[3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)

TLS 1.3 behaves slightly differently than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initial handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525fb5a8fd9b96ab4021311a598c77588b918)
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 2ccea13..14eac2c 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -2587,7 +2587,33 @@
 :func:`~ssl.RAND_pseudo_bytes` is sufficient.
 
 
-.. ssl-libressl:
+.. _ssl-tlsv1_3:
+
+TLS 1.3
+-------
+
+.. versionadded:: 3.7
+
+Python has provisional and experimental support for TLS 1.3 with OpenSSL
+1.1.1.  The new protocol behaves slightly differently than previous version
+of TLS/SSL.  Some new TLS 1.3 features are not yet available.
+
+- TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM and
+  ChaCha20 cipher suites are enabled by default.  The method
+  :meth:`SSLContext.set_ciphers` cannot enable or disable any TLS 1.3
+  ciphers yet, but :meth:`SSLContext.get_cipers` returns them.
+- Session tickets are no longer sent as part of the initial handshake and
+  are handled differently.  :attr:`SSLSocket.session` and :class:`SSLSession`
+  are not compatible with TLS 1.3.
+- Client-side certificates are also no longer verified during the initial
+  handshake.  A server can request a certificate at any time.  Clients
+  process certificate requests while they send or receive application data
+  from the server.
+- TLS 1.3 features like early data, deferred TLS client cert request,
+  signature algorithm configuration, and rekeying are not supported yet.
+
+
+.. _ssl-libressl:
 
 LibreSSL support
 ----------------
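Review bot: the cipher-suite bullet in the new TLS 1.3 section references :meth:`SSLContext.get_cipers`, which is misspelled and will not resolve as a cross-reference; it should be :meth:`SSLContext.get_ciphers`. In the same section, "than previous version of TLS/SSL" should read "than previous versions of TLS/SSL", and "disjunct set of cipher suites" would read better as "disjoint set". The session bullet states that :attr:`SSLSocket.session` and :class:`SSLSession` "are not compatible with TLS 1.3" but does not say what a caller will observe when using them on a TLS 1.3 connection; one sentence describing that would make the caveat actionable.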
diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst
index af2aad9..46015af 100644
--- a/Doc/whatsnew/3.7.rst
+++ b/Doc/whatsnew/3.7.rst
@@ -1244,8 +1244,8 @@
 .. note::
    The improved host name check requires a *libssl* implementation compatible
    with OpenSSL 1.0.2 or 1.1.  Consequently, OpenSSL 0.9.8 and 1.0.1 are no
-   longer supported and LibreSSL is temporarily not supported until it gains
-   the necessary OpenSSL 1.0.2 APIs.
+   longer supported.  The ssl module is mostly compatible with LibreSSL 2.7.2
+   and newer.
 
 The ``ssl`` module no longer sends IP addresses in SNI TLS extension.
 (Contributed by Christian Heimes in :issue:`32185`.)
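Review bot: "mostly compatible with LibreSSL 2.7.2 and newer" in the note gives the reader no way to find out which parts are not compatible. Since Doc/library/ssl.rst in this same patch carries the `_ssl-libressl` label, consider ending the sentence with a pointer such as "see :ref:`ssl-libressl`" so the limitations are one click away.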
@@ -1270,8 +1270,12 @@
 Nathaniel J. Smith and Christian Heimes in :issue:`28414`.)
 
 The ``ssl`` module has preliminary and experimental support for TLS 1.3 and
-OpenSSL 1.1.1.  (Contributed by Christian Heimes in :issue:`32947`,
-:issue:`20995`, :issue:`29136`, and :issue:`30622`)
+OpenSSL 1.1.1.  At the time of Python 3.7.0 release, OpenSSL 1.1.1 is still
+under development and TLS 1.3 hasn't been finalized yet.  The TLS 1.3
+handshake and protocol behaves slightly differently than TLS 1.2 and earlier,
+see :ref:`ssl-tlsv1_3`.
+(Contributed by Christian Heimes in :issue:`32947`, :issue:`20995`,
+:issue:`29136`, :issue:`30622` and :issue:`33618`)
 
 :class:`~ssl.SSLSocket` and :class:`~ssl.SSLObject` no longer have a public
 constructor.  Direct instantiation was never a documented and supported
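Review bot: the added TLS 1.3 sentence has a subject-verb mismatch, "The TLS 1.3 handshake and protocol behaves" should be "behave". "At the time of Python 3.7.0 release" is missing an article ("of the Python 3.7.0 release"), and ", see :ref:`ssl-tlsv1_3`." is a comma splice; a semicolon or a separate sentence ("See :ref:`ssl-tlsv1_3`.") reads better. The contributor line also ends without a period inside the parenthesis, unlike the :issue:`32185` entry just above it in this file.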