Title: Add ssl.HAS_PHA to detect libssl PHA support · Issue #128035 · python/cpython · GitHub
Open Graph Title: Add ssl.HAS_PHA to detect libssl PHA support · Issue #128035 · python/cpython
X Title: Add ssl.HAS_PHA to detect libssl PHA support · Issue #128035 · python/cpython
Description: Feature or enhancement Proposal: TLSv1.3 post-handshake client authentication (PHA), often referred to as "mutual TLS" or "mTLS", allows TLS servers to authenticate client identities using digital certificates. Some TLS libraries do not ...
Open Graph Description: Feature or enhancement Proposal: TLSv1.3 post-handshake client authentication (PHA), often referred to as "mutual TLS" or "mTLS", allows TLS servers to authenticate client identities using digital ...
X Description: Feature or enhancement Proposal: TLSv1.3 post-handshake client authentication (PHA), often referred to as "mutual TLS" or "mTLS", allows TLS servers to authenticate client ident...
Opengraph URL: https://github.com/python/cpython/issues/128035
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Add ssl.HAS_PHA to detect libssl PHA support","articleBody":"# Feature or enhancement\n\n### Proposal:\n\n[TLSv1.3 post-handshake client authentication](https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.6) (PHA), often referred to as \"mutual TLS\" or \"mTLS\", allows TLS servers to authenticate client identities using digital certificates. Some TLS libraries do not implement PHA, including actively maintained and widely used libraries such as [AWS-LC](https://github.com/aws/aws-lc/) and [BoringSSL](https://github.com/google/boringssl/).\n\nThis issue proposes the addition of a boolean property `ssl.HAS_PHA` to indicate whether the crypto library CPython is built against supports PHA, allowing python's test suite and consuming modules to branch accordingly.\n\nThis feature has precedent in the `ssl.HAS_PSK` flag indicating support for another TLS feature that is not universally implemented across TLS libraries.\n\n### Has this already been discussed elsewhere?\n\nThis is a minor feature, which does not need previous discussion elsewhere\n\n### Links to previous discussion of this feature:\n\nRelated changes to increase libcrypto/libssl compatibility (specifically with AWS-LC) have been discussed with the community [here](https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/2).\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-128036\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/WillChilds-Klein","@type":"Person","name":"WillChilds-Klein"},"datePublished":"2024-12-17T16:29:33.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/128035/cpython/issues/128035"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:08d3d52a-6bd1-e4f3-eab6-2c5d0a55bdb7 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | AF46:1A55AD:1DAB98D:2A8A007:6A58ECFF |
| html-safe-nonce | 9fd441e148692b515359c259638453f1f91ebea30e2151968228389057722836 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBRjQ2OjFBNTVBRDoxREFCOThEOjJBOEEwMDc6NkE1OEVDRkYiLCJ2aXNpdG9yX2lkIjoiMzA4NjE4OTQyOTk2MDI3MzE1MSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 6ea003fef7a05b937ff8db43c96e9db1404b94ad406b4ed3187f789d466e62a8 |
| hovercard-subject-tag | issue:2745417445 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/python/cpython/128035/issue_layout |
| twitter:image | https://opengraph.githubassets.com/20d969d2b5980c91991bb5fee02d327ca3ae873a8cd0e1699e155a56d078ebca/python/cpython/issues/128035 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/20d969d2b5980c91991bb5fee02d327ca3ae873a8cd0e1699e155a56d078ebca/python/cpython/issues/128035 |
| og:image:alt | Feature or enhancement Proposal: TLSv1.3 post-handshake client authentication (PHA), often referred to as "mutual TLS" or "mTLS", allows TLS servers to authenticate client identities using digital ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | WillChilds-Klein |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5f2a0c7865178af3d91dd9f13b0cdfc3c73a2529c873d2780bb4c01271a57ec6 |
| turbo-cache-control | no-preview |
| go-import | github.com/python/cpython git https://github.com/python/cpython.git |
| octolytics-dimension-user_id | 1525981 |
| octolytics-dimension-user_login | python |
| octolytics-dimension-repository_id | 81598961 |
| octolytics-dimension-repository_nwo | python/cpython |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 81598961 |
| octolytics-dimension-repository_network_root_nwo | python/cpython |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 8aae7b8d6caacacf5c66eaeb2702d8dc88d85b4a |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width