Description
Add support in SSL module for getting/setting TLS 1.3 cipher suites
Proposal:
This feature proposal is a follow-on to issue #136306, adding the ability to control TLS 1.3 cipher suites. The existing Python SSLContext class has a method to set ciphers, but it is specifically documented that it can only be used to set cipher suites from TLS 1.2 and earlier. OpenSSL has added a different function for setting TLS 1.3 ciphers, and this feature would add a wrapper around that which looks like:
SSLContext.set_ciphersuites(ciphersuites: str) -> None:
    """Set the TLS 1.3 cipher suites for sockets created with this context."""
This function mirrors SSLContext.set_ciphers(ciphers: str) which exists today for setting TLS 1.2 and earlier cipher suites. In addition, the existing SSLSocket.cipher() method can properly return the selected cipher after the TLS handshake has completed on a connection for both TLS 1.3 and earlier TLS versions, so no changes are required to that.
This feature will also update the documentation for SSLContext.set_ciphers and the section of the docs discussing TLS 1.3 support to reflect the new capability.
Links to previous discussion of this feature:
This was previously discussed in PR #136307, in the context of continuing to improve Python's TLS 1.3 support.
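The gap this proposal closes can be seen by inspecting a context, shown here as an added example that is not part of the original issue or of CPython's code. It assumes `set_ciphersuites` takes a colon-separated list of TLS 1.3 suite names, as the OpenSSL function it wraps does, and it falls back cleanly on interpreters that do not provide the method; the helper names are hypothetical.

```python
import ssl


def tls13_suites(ctx):
    """Names of the TLS 1.3 cipher suites currently enabled on ctx."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


def legacy_suites(ctx):
    """Names of the enabled suites for TLS 1.2 and earlier."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def harden(ctx, tls12_ciphers, tls13_ciphersuites):
    """Restrict both suite lists; return True if the TLS 1.3 list was applied.

    set_ciphers() only governs TLS 1.2 and earlier. The TLS 1.3 list needs the
    proposed set_ciphersuites(); its string format is assumed here to match
    OpenSSL's colon-separated suite names.
    """
    ctx.set_ciphers(tls12_ciphers)
    setter = getattr(ctx, "set_ciphersuites", None)
    if setter is None:
        return False  # interpreter predates the proposed method
    setter(tls13_ciphersuites)
    return True


def demo():
    """Harden a fresh client context and report what actually changed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    before = tls13_suites(ctx)
    applied = harden(ctx, "ECDHE+AESGCM", "TLS_AES_256_GCM_SHA384")
    return {
        "applied": applied,
        "tls13_before": before,
        "tls13_after": tls13_suites(ctx),
        "legacy_after": legacy_suites(ctx),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When `applied` is false, `tls13_after` equals `tls13_before`: the TLS 1.2 policy took effect while every default TLS 1.3 suite stayed enabled, which is the condition worth flagging in a configuration audit.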