[issue21013] server-specific SSL context configuration

Donald Stufft report at bugs.python.org
Sat Mar 22 19:25:25 CET 2014


Donald Stufft added the comment:

To be clear though, a lot of TLS servers out there still have SSL3.0 enabled by default, primarily because of IE6 / XP. I'm on the fence about what the right answer is for create_default_context. From a strictly "best practices for security" point of view you want to disable SSLv3 (and this matches what create_default_context did prior to my patch).

Can we perhaps split the difference and disable SSL3.0 and document what the error looks like when you try to connect with SSL3.0 and how to re-enable it?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21013>
_______________________________________

