pythongh-118596: Add thread-safety clarifications to the SSLContext documentation (python#118597)

Add thread-safety clarifications to the SSLContext documentation. Per the issue:

This issue has also come up [here](psf/requests#6667) where the matter was clarified by @tiran in [this comment](psf/requests#6667):
> `SSLContext` is designed to be shared and used for multiple connections. It is thread safe as long as you don't reconfigure it once it is used by a connection. Adding new certs to the internal trust store is fine, but changing ciphers, verification settings, or mTLS certs can lead to surprising behavior. The problem is unrelated to threads and can even occur in a single-threaded program.
mm-matthias authored and mrahtz committed Jun 30, 2024
1 parent 62f7042 commit af63073
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions Doc/library/ssl.rst
Expand Up @@ -1472,6 +1472,19 @@ to speed up repeated connections from the same clients.
:data:`PROTOCOL_TLS`, :data:`PROTOCOL_TLS_CLIENT`, and
:data:`PROTOCOL_TLS_SERVER` use TLS 1.2 as minimum TLS version.

.. note::

:class:`SSLContext` only supports limited mutation once it has been used
by a connection. Adding new certificates to the internal trust store is
allowed, but changing ciphers, verification settings, or mTLS
certificates may result in surprising behavior.

.. note::

:class:`SSLContext` is designed to be shared and used by multiple
connections.
Thus, it is thread-safe as long as it is not reconfigured after being
used by a connection.

:class:`SSLContext` objects have the following methods and attributes:
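
Review bot: The second note ("Thus, it is thread-safe as long as it is not reconfigured after being used by a connection") presents the restriction as a threading concern, but the comment quoted in the commit message says the problem is unrelated to threads and can occur in a single-threaded program. Readers of a single-threaded program may conclude the limitation does not apply to them. Consider merging the two notes into one and saying explicitly that the limitation holds regardless of threading. The word "reconfigured" in the second note is also ambiguous next to the first note, which allows adding certificates to the trust store after use; stating that trust store additions do not count as reconfiguration would make the two consistent. Finally, "surprising behavior" gives no hint of the consequence for verification settings; a short statement that a context should be fully configured before its first connection, with a separate context created when different ciphers, verification settings, or mTLS certificates are needed, would give users something actionable.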
