[Python-Dev] Let's make the SSL module sane
Antoine Pitrou
solipsis at pitrou.net
Mon Sep 12 08:01:15 EDT 2016
On Sat, 10 Sep 2016 20:23:13 +0200
Christian Heimes <christian at python.org> wrote:
>
> It's a bit too clever and tricky for my taste. I prefer 'explicit is
> better than implicit' for trust anchors. My main concern are secure
> default settings. A SSLContext should be secure w/o further settings in
> order to prevent developers to shoot themselves in the knee.
>
> Missing root certs are not a direct security issue with CERT_REQUIRED.
> The connection will simply fail. I'd rather improve the error message
> than to auto-load certs.
Agreed with all this. You don't want to have "magic" behaviour in a
security-oriented module. Let people configure their contexts
explicitly.
As a reminder, people who don't want to configure TLS themselves should
use an intermediate layer instead, such as ssl.create_default_context()
or an application protocol implementation (httplib, etc.).
Regards
Antoine.
More information about the Python-Dev
mailing list