Add ability to TLS 1.3 cipher suites on SSL Context

schwabe · schwabe · commit 0f13c171d07b · 2025-07-15T13:16:30.000+02:00
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -1500,6 +1500,29 @@ def set_cipher_list(self, cipher_list: bytes) -> None:
                 ],
             )
 
+    @_require_not_used
+    def set_ciphersuites(self, ciphersuites: bytes) -> None:
+        """
+        Set the list of TLS 1.3 ciphers to be used in this context.
+        OpenSSL maintains a separate list of TLS 1.3+ ciphers to
+        ciphers for TLS 1.2 and lowers.
+
+        See the OpenSSL manual for more information (e.g.
+        :manpage:`ciphers(1)`).
+
+        :param bytes ciphersuites: An OpenSSL cipher string containing
+            TLS 1.3+ ciphersuites.
+        :return: None
+        """
+        ciphersuites = _text_to_bytes_and_warn("ciphersuites", ciphersuites)
+
+        if not isinstance(ciphersuites, bytes):
+            raise TypeError("ciphersuites must be a byte string.")
+
+        _openssl_assert(
+            _lib.SSL_CTX_set_ciphersuites(self._context, ciphersuites) == 1
+        )
+
     @_require_not_used
     def set_client_ca_list(
         self, certificate_authorities: Sequence[X509Name]
