[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877) · python/cpython@e2db6ad

[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877) · python/cpython@e2db6ad

3 files changed

lines changed

Original file line number	Diff line number	Diff line change
`@@ -803,6 +803,15 @@ Constants`
`803`	`803`	`The option is deprecated since OpenSSL 1.1.0. It was added to 2.7.15,`
`804`	`804`	`3.6.3 and 3.7.0 for backwards compatibility with OpenSSL 1.0.2.`
`805`	`805`
	`806`	`+.. data:: OP_NO_RENEGOTIATION`
	`807`	`+`
	`808`	`+ Disable all renegotiation in TLSv1.2 and earlier. Do not send`
	`809`	`+ HelloRequest messages, and ignore renegotiation requests via ClientHello.`
	`810`	`+`
	`811`	`+ This option is only available with OpenSSL 1.1.0h and later.`
	`812`	`+`
	`813`	`+ .. versionadded:: 3.7`
	`814`	`+`
`806`	`815`	`.. data:: OP_CIPHER_SERVER_PREFERENCE`
`807`	`816`
`808`	`817`	`Use the server's cipher ordering preference, rather than the client's.`

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+The ssl module now contains OP_NO_RENEGOTIATION constant, available with`
	`2`	`+OpenSSL 1.1.0h or 1.1.1.`

Original file line number	Diff line number	Diff line change
`@@ -5845,6 +5845,10 @@ PyInit__ssl(void)`
`5845`	`5845`	`PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT",`
`5846`	`5846`	`SSL_OP_ENABLE_MIDDLEBOX_COMPAT);`
`5847`	`5847`	`#endif`
	`5848`	`+#ifdef SSL_OP_NO_RENEGOTIATION`
	`5849`	`+PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",`
	`5850`	`+SSL_OP_NO_RENEGOTIATION);`
	`5851`	`+#endif`
`5848`	`5852`
`5849`	`5853`	`#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT`
`5850`	`5854`	`PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",`