Support TLS 1.3 half-closed connections #86366

dimaqq mannequin opened this issue Oct 30, 2020 · 1 comment
Labels: 3.10 (only security fixes), topic-SSL, type-feature (A feature request or enhancement)

Comments

dimaqq mannequin commented Oct 30, 2020

BPO 42200
Nosy @tiran, @dimaqq

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = None
created_at = <Date 2020-10-30.02:24:05.303>
labels = ['expert-SSL', 'type-feature', '3.10']
title = 'Support TLS 1.3 half-closed connections'
updated_at = <Date 2020-10-30.02:24:05.303>
user = 'https://github.com/dimaqq'

bugs.python.org fields:

activity = <Date 2020-10-30.02:24:05.303>
actor = 'Dima.Tisnek'
assignee = 'christian.heimes'
closed = False
closed_date = None
closer = None
components = ['SSL']
creation = <Date 2020-10-30.02:24:05.303>
creator = 'Dima.Tisnek'
dependencies = []
files = []
hgrepos = []
issue_num = 42200
keywords = []
message_count = 1.0
messages = ['379908']
nosy_count = 2.0
nosy_names = ['christian.heimes', 'Dima.Tisnek']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue42200'
versions = ['Python 3.10']

dimaqq mannequin commented Oct 30, 2020

(apologies if this was raised before, I couldn't find it in bugs, mailing lists or discourse).
(also apologies if I misunderstood something about the protocol)

Up to and including TLS 1.2, a single close notify terminates both upstream and downstream; starting with TLS 1.3 there are separate close notify alerts for upstream and downstream.

This means that it's possible to have a TLS connection in half-closed state, e.g. to send "GET / HTTP xx; close notify" and then wait for the server response.

Today, that's not possible, at least in asyncio, as evidenced by https://bugs.python.org/issue39951
(I did not check synchronous wrapped sockets)

@dimaqq dimaqq mannequin added the 3.10 only security fixes label Oct 30, 2020
@dimaqq dimaqq mannequin assigned tiran Oct 30, 2020
@dimaqq dimaqq mannequin added topic-SSL type-feature A feature request or enhancement 3.10 only security fixes labels Oct 30, 2020
@dimaqq dimaqq mannequin added topic-SSL type-feature A feature request or enhancement labels Oct 30, 2020
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022