[Python-Dev] Enable Hostname and Certificate Chain Validation
Antoine Pitrou
solipsis at pitrou.net
Thu Jan 23 16:03:26 CET 2014
On Thu, 23 Jan 2014 01:45:15 -0500
Scott Dial <scott+python-dev at scottdial.com> wrote:
>
> Anecdotally, I already know of a system at work that is using HTTPS
> purely for encryption, because the authentication is done in-band. So, a
> self-signed cert was wholly sufficient. The management tools use a
> RESTful interface over HTTPS for control, but you are telling me this
> will be broken by default now. What do I tell our developers (who often
> adopt the latest and greatest versions of things to play with)?
That the system may be vulnerable to MITM attacks? (depending on how
the authentication is done)
Regards
Antoine.
More information about the Python-Dev
mailing list