bpo-33618: Enable TLS 1.3 in tests by tiran · Pull Request #7079

bpo-33618: Enable TLS 1.3 in tests by tiran · Pull Request #7079 · python/cpython

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request

May 23, 2018

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525f)

Co-authored-by: Christian Heimes <christian@python.org>

tiran deleted the tls13-misc branch

May 23, 2018 20:27

tiran pushed a commit that referenced this pull request

May 23, 2018

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
openssl/openssl#6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525f)