[issue22935] Disabling SSLv3 support
Kurt Roeckx
report at bugs.python.org
Fri Dec 12 14:28:54 CET 2014
Kurt Roeckx added the comment:
SSLv3 does not support the TLS extensions so it's going to send a totally different Client Hello. It will for instance not indicate with elliptic curves it supports. So yes the behavior for SSLv3 and SSLv23 can be totally different. But even with both SSLv23 and a different cipher list you can get a different certificate.
So what I'm really saying is that if you have an API to get a certificate that creates a new connection and you can set the options for that connection too that you need to document that properly that you might get a different certificate.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22935>
_______________________________________
More information about the Python-bugs-list
mailing list