Seth Michael Larson
TLS session resumption doesn't work for Python on TLS 1.3 so we'd only get to use session resumption for TLS 1.2 (Still good!) Docs: https://docs.python.org/3/library/ssl.html#ssl.SSLSession The ticket has a few...
There's also this RFC we have to deal with when it comes to TLS session resumption: https://tools.ietf.org/html/rfc8470 Doesn't seem too bad, except we need to signal to the lifecycle somehow...
100% agree that AltSvc, TLSTickets, and HSTS can be handled at the connection manager level. We do sacrifice a bit on keeping HSTS only in memory but not much, and...
I'm in favor of removal for now, they'll require a ton of rework to make them work in Hip. If needed and possible we can reintroduce them. I'm also in...
@pquentin is this resolved since `ssl`+blocking respects the socket's timeout?
Here's a brain dump from me for this issue: Some initial components of a "pool key": - Scheme - Host - Port - Trust Store (CA cert(s) / fingerprint) -...
> I think these work the same for connection establishment: `conn = pool.get_connection(proxy_config)`. The tricky part comes afterward; we take that `conn`, issue a `CONNECT`, and hopefully it succeeds and...
> Hmm, I'm not sure this is actually our problem? If the proxy decides they want to reject some of our connections, they can do that equally well over HTTP/1.1...
Interesting points I just read at the very end of the TLS/SSL Python docs: - Session tickets are no longer sent as part of the initial handshake and are handled...
I'm in complete agreement with the conclusion. I wonder if there's a way we could include a push-based approach for a lower-level API, something that we've talked about a couple...