How to disable session resumption in pyOpenSSL?
Question
The Triple Handshake Issue was disclosed lately. Whether disabling session resumption will mitigate this or not is a topic for another question. Let's assume I want to disable it for whatever reason (basically my paranoia).
To disable this in C, it seems like one should use this:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
Can someone confirm this?
But how to do this in pyopenssl?
Recommended answer
Starting with pyOpenSSL 0.14 this is possible:
from OpenSSL.SSL import TLSv1_2_METHOD, SESS_CACHE_OFF, Context, Connection
ctx = Context(TLSv1_2_METHOD)
ctx.set_session_cache_mode(SESS_CACHE_OFF)
conn = Connection(ctx, ...)
Earlier versions of pyOpenSSL do not expose these APIs.
If you also need to turn off session tickets then:
from OpenSSL.SSL import OP_NO_TICKET
...
ctx.set_options(OP_NO_TICKET)
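One way to check that the two settings above actually stop resumption, as an added example (not part of the original answer or of pyOpenSSL itself): it runs two in-memory TLS 1.2 handshakes against the same server context and compares master secrets. The helper names, the throwaway self-signed certificate and the session-id context string are assumptions made for the example; it needs the cryptography package and a pyOpenSSL version that still exports TLSv1_2_METHOD.

```python
from contextlib import suppress
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from OpenSSL import SSL, crypto

def server_context(disable_resumption):
    # Throwaway self-signed certificate, constructed for this example only.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=5))
            .not_valid_after(now + timedelta(days=1)).sign(key, hashes.SHA256()))
    ctx = SSL.Context(SSL.TLSv1_2_METHOD)
    ctx.use_privatekey(crypto.PKey.from_cryptography_key(key))
    ctx.use_certificate(crypto.X509.from_cryptography(cert))
    ctx.set_session_id(b"resumption-demo")  # session-id context (assumed value)
    if disable_resumption:
        ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)  # no session-ID cache
        ctx.set_options(SSL.OP_NO_TICKET)               # no session tickets
    return ctx

def handshake(server_ctx, session=None):
    # socket=None gives memory-BIO connections, so no network is involved.
    client = SSL.Connection(SSL.Context(SSL.TLSv1_2_METHOD), None)
    server = SSL.Connection(server_ctx, None)
    client.set_connect_state()
    server.set_accept_state()
    if session is not None:
        client.set_session(session)  # offer the earlier session for resumption
    todo = [client, server]
    while todo:
        for conn, peer in ((client, server), (server, client)):
            if conn in todo:
                with suppress(SSL.WantReadError):
                    conn.do_handshake()
                    todo.remove(conn)
            with suppress(SSL.WantReadError):  # raised when nothing is queued
                peer.bio_write(conn.bio_read(65536))
    return client

def is_resumed(server_ctx):
    first = handshake(server_ctx)
    second = handshake(server_ctx, first.get_session())
    # A resumed TLS 1.2 session keeps the master secret; a full handshake derives a new one.
    return first.master_key() == second.master_key()
```

is_resumed(server_context(False)) shows the default behaviour (the session is resumed), and is_resumed(server_context(True)) shows the second handshake falling back to a full one.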