[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)
Antoine Pitrou
report at bugs.python.org
Wed Oct 15 01:25:20 CEST 2014
Antoine Pitrou added the comment:
On the Web, there is indeed a good reaction time to security issues (especially in large providers). That may not be the case for all the other SSL services out there.
Since TLS_FALLBACK_SCSV is the recommended solution (not to mention it will work against other attacks), do you know if it's being implemented in OpenSSL? I would be surprised if nobody did it.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22638>
_______________________________________
More information about the Python-bugs-list
mailing list