Add ability to TLS 1.3 cipher suites on SSL Context

schwabe · schwabe · commit 39c2fbcc8ceb · 2025-07-15T12:34:50.000+02:00
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -1500,6 +1500,29 @@ def set_cipher_list(self, cipher_list: bytes) -> None:
                 ],
             )
 
+
+    @_require_not_used
+    def set_ciphersuites_list(self, ciphersuites_list: bytes) -> None:
+        """
+        Set the list of TLS 1.3 ciphers to be used in this context.
+        OpenSSL maintains a separate list of TLS 1.3+ ciphers to
+        ciphers for TLS 1.2 and lowers.
+
+        See the OpenSSL manual for more information (e.g.
+        :manpage:`ciphers(1)`).
+
+        :param bytes cipher_list: An OpenSSL cipher string.
+        :return: None
+        """
+        cipher_list = _text_to_bytes_and_warn("ciphersuites_list", cipher_list)
+
+        if not isinstance(cipher_list, bytes):
+            raise TypeError("cipher_list must be a byte string.")
+
+        _openssl_assert(
+            _lib.SSL_CTX_set_ciphersuites(self._context, cipher_list) == 1
+        )        
+        
     @_require_not_used
     def set_client_ca_list(
         self, certificate_authorities: Sequence[X509Name]
