Does pyOpenSSL support TLSv1.2 ? cipher suite = TLS_RSA_WITH_AES_256_CBC_SHA256

Asked by Asif on 2012-05-09

I have a client(using pyOpenSSL) thats trying to connect a server which insists on cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 while my client is unable to present TLS_RSA_WITH_AES_256_CBC_SHA256 in its CLIENT HELLO message.

I saw that TLS_RSA_WITH_AES_256_CBC_SHA256 belongs to TLSV1.2; does pyOpenSSL support TLSv1.2?

Thanks
Asif

Question information

Language:
English Edit question
Status:
Answered
For:
pyOpenSSL Edit question
Assignee:
No assignee Edit question
Last query:
2012-05-09
Last reply:
2012-07-03
Jean-Paul Calderone (exarkun) said : #1

It does if the version of OpenSSL it is linked against does. You can check using `openssl ciphers´ in your shell or using the Python API `OpenSSL.SSL.Connection.get_cipher_list`.

Thom Nichols (tmnichols) said : #2

Question related to TLS 1.2 support - if I wanted to create a TLS 1.2 socket, I think it would involve something like this:

context = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
connection = OpenSSL.SSL.Connection(context,my_socket)

Except I would need to use OpenSSL.SSL.TLSv1_2_METHOD which doesn't exist, does it? So does PyOpenSSL need to be updated to support this method? Same would apply for TLSv1_1_METHOD was well I believe.

Jean-Paul Calderone (exarkun) said : #3

Presumably.

Thom Nichols (tmnichols) said : #4

Thanks Jean-Paul. Can I open a bug/ feature request to have this functionality added then?

Jean-Paul Calderone (exarkun) said : #5

Of course.

Can you help with this problem?

Provide an answer of your own, or ask Asif for more information if necessary.

To post a message you must log in.