diff --git a/Doc/library/intro.rst b/Doc/library/intro.rst index 8f76044be488cd..e45f6e8155dad2 100644 --- a/Doc/library/intro.rst +++ b/Doc/library/intro.rst @@ -65,6 +65,10 @@ Notes on availability *Availability: Linux >= 3.17 with glibc >= 2.27* requires both Linux 3.17 or newer and glibc 2.27 or newer. +* A particular library dependency with an optional minimal ``major.minor`` + version constraint is indicated by *Availability: library >= major.minor*. + + .. _wasm-availability: WebAssembly platforms diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 0f2c2b89295cdf..bb75cf38b45c92 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -28,7 +28,15 @@ probably additional platforms, as long as OpenSSL is installed on that platform. cause variations in behavior. For example, TLSv1.3 comes with OpenSSL version 1.1.1. +.. note:: + + Support for other implementations of ``libssl`` such as AWS-LC, BoringSSL, + or LibreSSL may be assumed but not guaranteed. When a feature is known to + be unavailable for a specific backend, it will be explicitly mentioned in + an :ref:`Availability ` note as *Availability: not *. + .. warning:: + Don't use this module without reading the :ref:`ssl-security`. Doing so may lead to a false sense of security, as the default settings of the ssl module are not necessarily appropriate for your application. @@ -232,6 +240,8 @@ Signature algorithms :meth:`SSLContext.set_client_sigalgs` and :meth:`SSLContext.set_server_sigalgs` methods. + .. availability:: OpenSSL >= 3.4 + .. versionadded:: next @@ -1318,6 +1328,8 @@ SSL sockets also have the following additional methods and attributes: Return the group used for doing key agreement on this connection. If no connection has been established, returns ``None``. + .. availability:: OpenSSL >= 3.2 + .. versionadded:: next .. method:: SSLSocket.client_sigalg() @@ -1326,6 +1338,8 @@ SSL sockets also have the following additional methods and attributes: authentication on this connection, or ``None`` if no connection has been established or client authentication didn't occur. + .. availability:: OpenSSL >= 3.5 + .. versionadded:: next .. method:: SSLSocket.server_sigalg() @@ -1334,6 +1348,8 @@ SSL sockets also have the following additional methods and attributes: handshake on this connection, or ``None`` if no connection has been established or the cipher suite has no signature. + .. availability:: OpenSSL >= 3.5 + .. versionadded:: next .. method:: SSLSocket.compression() @@ -1710,6 +1726,8 @@ to speed up repeated connections from the same clients. :const:`True` this method will also return any associated aliases such as the ECDH curve names supported in older versions of OpenSSL. + .. availability:: OpenSSL >= 3.5 + .. versionadded:: next .. method:: SSLContext.set_default_verify_paths() @@ -1777,6 +1795,8 @@ to speed up repeated connections from the same clients. sockets will return the signature algorithm used for performing certificate-based client authentication on that connection. + .. availability:: not AWS-LC + .. versionadded:: next .. method:: SSLContext.set_server_sigalgs(sigalgs, /) diff --git a/Doc/tools/extensions/availability.py b/Doc/tools/extensions/availability.py index 1a2c7b02b44439..583462c8b912e2 100644 --- a/Doc/tools/extensions/availability.py +++ b/Doc/tools/extensions/availability.py @@ -46,7 +46,13 @@ # POSIX platforms with pthreads "pthreads", }) -KNOWN_PLATFORMS = _PLATFORMS | _LIBC | _THREADING +_SSL_BACKENDS = frozenset({ + "OpenSSL", + "AWS-LC", + "LibreSSL", + "BoringSSL", +}) +KNOWN_PLATFORMS = _PLATFORMS | _LIBC | _THREADING | _SSL_BACKENDS class Availability(SphinxDirective):