[Python-checkins] cpython (3.4): Issue #22638: SSLv3 is now disabled throughout the standard library.
antoine.pitrou
python-checkins at python.org
Sun Nov 23 15:50:40 CET 2014
https://hg.python.org/cpython/rev/653dfb1240d5
changeset: 93544:653dfb1240d5
branch: 3.4
parent: 93537:7d1bd8eed59e
user: Antoine Pitrou <solipsis at pitrou.net>
date: Fri Oct 17 19:28:30 2014 +0200
summary:
Issue #22638: SSLv3 is now disabled throughout the standard library.
It can still be enabled by instantiating a SSLContext manually.
files:
Lib/ssl.py | 3 +++
Misc/NEWS | 3 +++
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -458,6 +458,9 @@
context = SSLContext(protocol)
# SSLv2 considered harmful.
context.options |= OP_NO_SSLv2
+ # SSLv3 has problematic security and is only required for really old
+ # clients such as IE6 on Windows XP
+ context.options |= OP_NO_SSLv3
if cert_reqs is not None:
context.verify_mode = cert_reqs
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -36,6 +36,9 @@
Library
-------
+- Issue #22638: SSLv3 is now disabled throughout the standard library.
+ It can still be enabled by instantiating a SSLContext manually.
+
- Issue #22370: Windows detection in pathlib is now more robust.
- Issue #22841: Reject coroutines in asyncio add_signal_handler().
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list