[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877) The ssl module now contains OP_NO_RENEGOTIATION constant, available with OpenSSL 1.1.0h or 1.1.1. Note, OpenSSL 1.1.0h hasn't been released yet. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 67c48016638aac9a15afe6fd6754d53d2bdd6b76) Co-authored-by: Christian Heimes <christian@python.org>

commit: e2db6ad1d96ca3e8bd29178f7093785c5d550bb7 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Wed May 16 07:26:19 2018 -0700
committer: Christian Heimes <christian@python.org> Wed May 16 10:26:19 2018 -0400
tree: e60689d69c53f2c31dee33dee279cbc0767f0388
parent: 51b2f6d3a3d6433b832f30d03382653f92a31cdf [diff]
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index f965494..dcb2666 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst

@@ -803,6 +803,15 @@
       The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15,
       3.6.3 and 3.7.0 for backwards compatibility with OpenSSL 1.0.2.
 
+.. data:: OP_NO_RENEGOTIATION
+
+   Disable all renegotiation in TLSv1.2 and earlier. Do not send
+   HelloRequest messages, and ignore renegotiation requests via ClientHello.
+
+   This option is only available with OpenSSL 1.1.0h and later.
+
+   .. versionadded:: 3.7
+
 .. data:: OP_CIPHER_SERVER_PREFERENCE
 
    Use the server's cipher ordering preference, rather than the client's.
commit	e2db6ad1d96ca3e8bd29178f7093785c5d550bb7	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Wed May 16 07:26:19 2018 -0700
committer	Christian Heimes <christian@python.org>	Wed May 16 10:26:19 2018 -0400
tree	e60689d69c53f2c31dee33dee279cbc0767f0388
parent	51b2f6d3a3d6433b832f30d03382653f92a31cdf [diff]