How to disable session resumption in pyOpenSSL?


Question


The Triple Handshake Issue was disclosed lately. Whether disabling session resumption will mitigate this or not is a topic for another question. Let's assume I want to disable it for whatever reason (basically my paranoia).


To disable this in C, it seems like one should use this:

SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

Can someone confirm this?


But how to do this in pyopenssl?

Recommended answer


Starting with pyOpenSSL 0.14 this is possible:

from OpenSSL.SSL import TLSv1_2_METHOD, SESS_CACHE_OFF, Context, Connection

ctx = Context(TLSv1_2_METHOD)
ctx.set_session_cache_mode(SESS_CACHE_OFF)

conn = Connection(ctx, ...)


Earlier versions of pyOpenSSL do not expose these APIs.


If you also need to turn off session tickets then:

from OpenSSL.SSL import OP_NO_TICKET

...

ctx.set_options(OP_NO_TICKET)
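
A readback check for the two settings in the answer above, as an added example that is not part of the original answer. The helper names `resumption_mechanisms` and `no_resumption_context` are hypothetical, and the check relies on `Context.set_options()` returning the resulting option bitmask.

```python
from OpenSSL.SSL import (
    OP_NO_TICKET, SESS_CACHE_OFF, TLSv1_2_METHOD, Context,
)


def resumption_mechanisms(ctx):
    """Return the session-resumption mechanisms still enabled on ctx."""
    enabled = []
    # Server-side session cache (resumption by session ID).
    if ctx.get_session_cache_mode() != SESS_CACHE_OFF:
        enabled.append("session cache")
    # set_options() only ORs bits in and returns the resulting mask,
    # so passing 0 reads the current options without changing them.
    if not ctx.set_options(0) & OP_NO_TICKET:
        enabled.append("session tickets")
    return enabled


def no_resumption_context(method=TLSv1_2_METHOD):
    """Build a Context with both settings from the answer applied."""
    ctx = Context(method)
    ctx.set_session_cache_mode(SESS_CACHE_OFF)
    ctx.set_options(OP_NO_TICKET)
    return ctx


if __name__ == "__main__":
    # A context with only one of the two settings still reports the other.
    partial = Context(TLSv1_2_METHOD)
    partial.set_session_cache_mode(SESS_CACHE_OFF)
    print("cache off only:", resumption_mechanisms(partial))
    print("both settings: ", resumption_mechanisms(no_resumption_context()))
```

Calling `resumption_mechanisms(ctx)` just before the context is handed to `Connection` catches a context that had only one of the two settings applied.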
