New submission from Christian Heimes <li...@cheimes.de>:
httplib.client does not enable post-handshake authentication for TLS 1.3 connections. PHA is necessary for TLS 1.3 connections to servers that have conditional client cert authentication. For example Apache mod_ssl uses PHA when only certain paths or request methods require a client cert to authenticate a client. Since TLS 1.3 is enabled by default with OpenSSL 1.1.1 and TLS 1.3 is preferred over TLS 1.2, the lack of PHA extension breaks backwards compatibility.

----------
assignee: christian.heimes
components: Library (Lib), SSL
messages: 346820
nosy: alex, christian.heimes, dstufft, janssen, ned.deily
priority: deferred blocker
severity: normal
status: open
title: httplib should enable post-handshake authentication for TLS 1.3
type: behavior
versions: Python 2.7, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue37440>
_______________________________________
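
Added example, not part of the tracker message or of CPython's code: a caller-side way to get the PHA extension advertised is to build the `SSLContext` yourself, set `post_handshake_auth`, and hand it to `http.client.HTTPSConnection`. The function names are hypothetical, and the client certificate paths are whatever the caller supplies.

```python
import http.client
import ssl


def make_pha_context(certfile=None, keyfile=None):
    """Client context that advertises the TLS 1.3 post_handshake_auth extension.

    Hypothetical helper. certfile/keyfile are the caller's client certificate
    and key; without them the server's later certificate request cannot be met.
    """
    if not ssl.HAS_TLSv1_3:
        raise RuntimeError("this OpenSSL build has no TLS 1.3, so PHA does not apply")
    # create_default_context() keeps server certificate and hostname checks on.
    ctx = ssl.create_default_context()
    # Off by default on client contexts; it has to be set before the handshake,
    # because the extension is sent in the ClientHello.
    ctx.post_handshake_auth = True
    if certfile is not None:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def pha_status(ctx):
    """Summarise the settings that matter here, for logging or a startup check."""
    return {
        "pha": ctx.post_handshake_auth,
        "verify_server": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
    }


def https_connection(host, ctx, port=443):
    """Bind the context to a connection object; no socket is opened yet."""
    return http.client.HTTPSConnection(host, port, context=ctx)


if __name__ == "__main__":
    print("default :", pha_status(ssl.create_default_context()))
    print("with PHA:", pha_status(make_pha_context()))
```

Enabling PHA does not relax server verification: `verify_server` and `check_hostname` stay true on the returned context.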