pyOpenSSL

Does pyOpenSSL support TLSv1.2 ? cipher suite = TLS_RSA_WITH_AES_256_CBC_SHA256

Asked by Asif

I have a client(using pyOpenSSL) thats trying to connect a server which insists on cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 while my client is unable to present TLS_RSA_WITH_AES_256_CBC_SHA256 in its CLIENT HELLO message.

I saw that TLS_RSA_WITH_AES_256_CBC_SHA256 belongs to TLSV1.2; does pyOpenSSL support TLSv1.2?

Thanks
Asif

Question information

Language:
English Edit question
Status:
Answered
For:
pyOpenSSL Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jean-Paul Calderone (exarkun) said : 		#1

It does if the version of OpenSSL it is linked against does. You can check using `openssl ciphers´ in your shell or using the Python API `OpenSSL.SSL.Connection.get_cipher_list`.

Revision history for this message
Thom Nichols (tmnichols) said : 		#2

Question related to TLS 1.2 support - if I wanted to create a TLS 1.2 socket, I think it would involve something like this:

context = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
connection = OpenSSL.SSL.Connection(context,my_socket)

Except I would need to use OpenSSL.SSL.TLSv1_2_METHOD which doesn't exist, does it? So does PyOpenSSL need to be updated to support this method? Same would apply for TLSv1_1_METHOD was well I believe.

Revision history for this message
Jean-Paul Calderone (exarkun) said : 		#3

Presumably.

Revision history for this message
Thom Nichols (tmnichols) said : 		#4

Thanks Jean-Paul. Can I open a bug/ feature request to have this functionality added then?

Revision history for this message
Jean-Paul Calderone (exarkun) said : 		#5

Of course.

Can you help with this problem?

Provide an answer of your own, or ask Asif for more information if necessary.

To post a message you must log in.