From 55e3d3c9bc0a400336aeb3bb3a22d04d2f8d041f Mon Sep 17 00:00:00 2001
From: ndmalc <>
Date: Tue, 21 Mar 2023 20:06:07 +0100
Subject: [PATCH 1/2] Expose secure renegotiation flag from TLS connection

---
 src/OpenSSL/SSL.py | 17 +++++++++++++++++
 tests/test_ssl.py  | 17 +++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index efbf7907e..5260c490c 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -2730,6 +2730,23 @@ def get_alpn_proto_negotiated(self):
 
         return _ffi.buffer(data[0], data_len[0])[:]
 
+    def get_secure_renegotiation_support(self):
+        """
+        Retrieve the secure renegotiation flag of the current connection.
+
+        :returns: A boolean representing the support of secure renegotiation (rfc5746)
+        for the current connection. True means that secure renegotiation is advertised
+        and supported by server. False means that secure renegotiation is not supported
+        or that client renegotiation is not supported at all.
+        :rtype: :class:`bool`
+        """
+        support = _lib.SSL_get_secure_renegotiation_support(self._ssl)
+
+        if support == 1:
+            return True
+        else:
+            return False
+
     def request_ocsp(self):
         """
         Called to request that the server sends stapled OCSP data, if
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 024436f06..a7b360fa6 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
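Review bot: The docstring of the new `get_secure_renegotiation_support` says the flag means secure renegotiation is "advertised and supported by server", but the underlying OpenSSL value records whether the renegotiation_info extension (RFC 5746) was negotiated with the peer of this connection, so on a server-side connection it reports what the client sent; "by the peer" is accurate on both sides, and the docstring should also say the flag is only meaningful for TLS 1.2 and below, since TLS 1.3 has no renegotiation. The `if support == 1: return True / else: return False` branches can be written as a single `return support == 1`. I do not see a binding declaration in this patch; `_lib` is provided by cryptography's cffi bindings and `SSL_get_secure_renegotiation_support` is a macro over `SSL_ctrl` in OpenSSL, so confirm the symbol is actually exported there, otherwise the method raises `AttributeError` at runtime rather than at import. A sentence in the docstring on intended use, e.g. `Code that decides whether to permit renegotiation should refuse it when this returns False`, would make the defensive purpose of the flag explicit.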
@@ -3029,6 +3029,23 @@ def test_get_protocol_version(self):
 
         assert server_protocol_version == client_protocol_version
 
+    def test_get_secure_renegotiation_support(self):
+        """
+        `Connection.get_secure_renegotiation_support()` returns a boolean
+        stating secure renegotiation support of the current connection.
+        """
+        server, client = loopback(
+            lambda s: loopback_server_factory(s, TLSv1_2_METHOD),
+            lambda s: loopback_client_factory(s, TLSv1_2_METHOD),
+        )
+        client_secure_renegotiation_support = client.get_secure_renegotiation_support()
+        server_secure_renegotiation_support = server.get_secure_renegotiation_support()
+
+        assert isinstance(server_secure_renegotiation_support, bool)
+        assert isinstance(client_secure_renegotiation_support, bool)
+
+        assert client_secure_renegotiation_support == server_secure_renegotiation_support
+
     def test_wantReadError(self):
         """
         `Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

From 481ca93f51f83f6cccade65c6431b6a82e2ff4d6 Mon Sep 17 00:00:00 2001
From: ndmalc <>
Date: Tue, 21 Mar 2023 21:00:14 +0100
Subject: [PATCH 2/2] Fix style violation of line too long

---
 src/OpenSSL/SSL.py | 9 +++++----
 tests/test_ssl.py  | 10 +++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 5260c490c..baad369b6 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
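Review bot: The new test never pins the value it is checking: it asserts only that both results are `bool` and equal to each other, which a binding that always returned 0 (and hence False) would satisfy just as well. Both loopback peers are OpenSSL with default options on TLS 1.2, so as far as I can tell the renegotiation_info extension is negotiated and both sides should report True; `assert client_secure_renegotiation_support is True` and `assert server_secure_renegotiation_support is True` would let the test catch a broken or missing binding. A short comment in the test stating why True is the expected value would also help the next maintainer who sees it fail.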
@@ -2734,10 +2734,11 @@ def get_secure_renegotiation_support(self):
         """
         Retrieve the secure renegotiation flag of the current connection.
 
-        :returns: A boolean representing the support of secure renegotiation (rfc5746)
-        for the current connection. True means that secure renegotiation is advertised
-        and supported by server. False means that secure renegotiation is not supported
-        or that client renegotiation is not supported at all.
+        :returns: A boolean representing the support of secure renegotiation
+            (rfc5746) for the current connection. True means that secure
+            renegotiation is advertised and supported by server. False
+            means that secure renegotiation is not supported or that
+            client renegotiation is not supported at all.
         :rtype: :class:`bool`
         """
         support = _lib.SSL_get_secure_renegotiation_support(self._ssl)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index a7b360fa6..ff570692f 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -3038,13 +3038,13 @@ def test_get_secure_renegotiation_support(self):
             lambda s: loopback_server_factory(s, TLSv1_2_METHOD),
             lambda s: loopback_client_factory(s, TLSv1_2_METHOD),
         )
-        client_secure_renegotiation_support = client.get_secure_renegotiation_support()
-        server_secure_renegotiation_support = server.get_secure_renegotiation_support()
+        client_sec_reneg_support = client.get_secure_renegotiation_support()
+        server_sec_reneg_support = server.get_secure_renegotiation_support()
 
-        assert isinstance(server_secure_renegotiation_support, bool)
-        assert isinstance(client_secure_renegotiation_support, bool)
+        assert isinstance(server_sec_reneg_support, bool)
+        assert isinstance(client_sec_reneg_support, bool)
 
-        assert client_secure_renegotiation_support == server_secure_renegotiation_support
+        assert client_sec_reneg_support == server_sec_reneg_support
 
     def test_wantReadError(self):
         """