The PEP proposes several new abstract base classes, and an interface that accesses these classes. They can be used to access TLS functionality without being tightly linked to OpenSSL:
- The following interfaces, currently used by Python, require standardization:
- Configuring TLS, currently set by the ssl.SSLContext class.
- In-memory buffer for encryption/decryption without actual I/O, currently set by the ssl.SSLObject class.
- Wrapping a socket object, currently done via ssl.SSLSocket.
- Putting the TLS configuration to the wrapper objects indicated previously, currently done by ssl.SSLContext.
- Specifying the TLS cipher suites, currently handled by using the OpenSSL cipher suite strings.
- Specifying application-layer protocols for ...