Proposal:
This feature proposal is a continuation of SSL feature work begun in issues #136306 and #137197. It adds the ability to set TLS signature algorithms for both client and server in the SSLContext class and later query the selected signature algorithms on an SSLSocket, after the TLS handshake is complete. The new methods would look something like:
```python
ssl.get_sigalgs() -> List[str]:
    """Get a list of TLS signature algorithms available for server validation
    and client authentication."""

SSLContext.set_server_sigalgs(sigalgs: str) -> None:
    """Set the TLS signature algorithms allowed for server validation."""

SSLContext.set_client_sigalgs(sigalgs: str) -> None:
    """Set the TLS signature algorithms allowed for client authentication."""

SSLSocket.server_sigalg() -> str | None:
    """Return the TLS signature algorithm selected for server validation."""

SSLSocket.client_sigalg() -> str | None:
    """Return the TLS signature algorithm selected for client authentication."""
```
Links to previous discussion of this feature:
This work was discussed originally in PR #119244.