[issue5639] Support TLS SNI extension in ssl module
Donald Stufft
report at bugs.python.org
Thu Mar 20 04:30:47 CET 2014
Donald Stufft added the comment:
To be clear, to get SNI with requests on 2.x you need requests, pyopenssl, ndg-httpsclient, and pyasn1 (which also pulls in cryptography, six, cffi, and pycparser). So that's 8 dependencies to get SNI on Python 2.x.
At least it's doable but it's kind of really unfriendly :/ Also the error message you get when you need SNI and it's not available is basically the most obtuse thing ever. You get told that the SSL verification failed for <some other domain> that isn't what you asked for but when you go to it in your Browser it'll all work kosher with no indication it was using SNI.
It's generally a good idea to install those extra things anyways because the SSL lib on Python 2.7 has other actual security issues which those address (IIRC it still has TLS compression on, I think it's default cipher list is rather poor, doesn't support TLS 1.2, etc).
----------
nosy: +dstufft
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5639>
_______________________________________
More information about the Python-bugs-list
mailing list