diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index efbf7907e..baad369b6 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -2730,6 +2730,24 @@ def get_alpn_proto_negotiated(self):
 return _ffi.buffer(data[0], data_len[0])[:]
+ def get_secure_renegotiation_support(self):
+ """
+ Retrieve the secure renegotiation flag of the current connection.
+
+ :returns: A boolean representing the support of secure renegotiation
+ (rfc5746) for the current connection. True means that secure
+ renegotiation is advertised and supported by server. False
+ means that secure renegotiation is not supported or that
+ client renegotiation is not supported at all.
+ :rtype: :class:`bool`
+ """
+ support = _lib.SSL_get_secure_renegotiation_support(self._ssl)
+
+ if support == 1:
+ return True
+ else:
+ return False
+
 def request_ocsp(self):
 """
 Called to request that the server sends stapled OCSP data, if
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 024436f06..ff570692f 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -3029,6 +3029,23 @@ def test_get_protocol_version(self):
 assert server_protocol_version == client_protocol_version
+ def test_get_secure_renegotiation_support(self):
+ """
+ `Connection.get_secure_renegotiation_support()` returns a boolean
+ stating secure renegotiation support of the current connection.
+ """
+ server, client = loopback(
+ lambda s: loopback_server_factory(s, TLSv1_2_METHOD),
+ lambda s: loopback_client_factory(s, TLSv1_2_METHOD),
+ )
+ client_sec_reneg_support = client.get_secure_renegotiation_support()
+ server_sec_reneg_support = server.get_secure_renegotiation_support()
+
+ assert isinstance(server_sec_reneg_support, bool)
+ assert isinstance(client_sec_reneg_support, bool)
+
+ assert client_sec_reneg_support == server_sec_reneg_support
+
 def test_wantReadError(self):
 """
 `Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are
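Review bot: The docstring of `get_secure_renegotiation_support` describes the result as support "by server", but the underlying OpenSSL call reports whether the peer advertised RFC 5746 secure renegotiation, so on a server-side Connection the value describes the client. The sentence about False ("client renegotiation is not supported at all") is also hard to read as a contract; I would replace both with one line such as `True if the peer advertised RFC 5746 secure renegotiation, False otherwise.` and add a sentence that the value is only meaningful once the handshake has completed (before that it is presumably always False), since callers are likely to use it as a policy check. As a style point, the `if`/`else` at the end can be `return support == 1`.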
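Review bot: The assertions in `test_get_secure_renegotiation_support` pass even if the method always returns False, because they check only that both values are `bool` and equal to each other. If `loopback()` completes a TLS 1.2 handshake between two OpenSSL endpoints (it is defined outside this hunk), both sides should presumably report support, so the test could pin that with `assert client_sec_reneg_support is True` and `assert server_sec_reneg_support is True`. A second case on a Connection that has not yet handshaken would document what callers get before negotiation.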