gh-96828: Add an ssl.OP_ENABLE_KTLS option (GH-96830)

Expose the constant when OpenSSL defines it.
This commit is contained in:
Illia Volochii 2022-11-24 04:24:09 +02:00 committed by GitHub
parent c69cfcdb11
commit 9dc08361be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 0 deletions

View File

@ -807,6 +807,22 @@ Constants
.. versionadded:: 3.10
.. data:: OP_ENABLE_KTLS
Enable the use of the kernel TLS. To benefit from the feature, OpenSSL must
have been compiled with support for it, and the negotiated cipher suites and
extensions must be supported by it (a list of supported ones may vary by
platform and kernel version).
Note that with enabled kernel TLS some cryptographic operations are
performed by the kernel directly and not via any available OpenSSL
Providers. This might be undesirable if, for example, the application
requires all cryptographic operations to be performed by the FIPS provider.
This option is only available with OpenSSL 3.0.0 and later.
.. versionadded:: 3.12
.. data:: HAS_ALPN
Whether the OpenSSL library has built-in support for the *Application-Layer

View File

@ -0,0 +1,2 @@
Add an :data:`~ssl.OP_ENABLE_KTLS` option for enabling the use of the kernel
TLS (kTLS). Patch by Illia Volochii.

View File

@ -5864,6 +5864,9 @@ sslmodule_init_constants(PyObject *m)
PyModule_AddIntConstant(m, "OP_IGNORE_UNEXPECTED_EOF",
SSL_OP_IGNORE_UNEXPECTED_EOF);
#endif
#ifdef SSL_OP_ENABLE_KTLS
PyModule_AddIntConstant(m, "OP_ENABLE_KTLS", SSL_OP_ENABLE_KTLS);
#endif
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",