[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Donald Stufft report at bugs.python.org
Wed Oct 15 14:08:35 CEST 2014


Donald Stufft added the comment:

The naming of SSLv23 is sort of unfortunate; it will negotiate the highest version of SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 that both the client and the server support. You can modify the list of what protocols are supported using the ssl.OP_NO_* flags. By default SSL 2.0 has been disabled in Python 2.7 (in <2.7.9 you can't even turn it back on afaik) and SSL 3.0 is already disabled by create_default_context() (but can be re-enabled by negating ssl.OP_NO_SSLv3).

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22638>
_______________________________________
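
The flag mechanics described in the comment above, as an added example that is not part of the original message or of CPython itself: it reports which `ssl.OP_NO_*` flags a context carries and sets `OP_NO_SSLv3` when it is missing. The helper names `disabled_protocols`, `sslv3_allowed` and `harden` are hypothetical, and the code assumes Python 3.7 or later, where `PROTOCOL_SSLv23` is a deprecated alias of `PROTOCOL_TLS`.

```python
import ssl
import warnings

# OP_NO_* flags that switch individual protocol versions off in a context.
OP_NO_FLAGS = {
    "SSLv3": ssl.OP_NO_SSLv3,
    "TLSv1": ssl.OP_NO_TLSv1,
    "TLSv1.1": ssl.OP_NO_TLSv1_1,
    "TLSv1.2": ssl.OP_NO_TLSv1_2,
}


def disabled_protocols(ctx):
    """Return the protocol names whose OP_NO_* flag is set on ctx."""
    return [name for name, flag in OP_NO_FLAGS.items() if ctx.options & flag]


def sslv3_allowed(ctx):
    """True if the option flags do not rule out SSL 3.0.

    This checks the flags only; minimum_version and the OpenSSL build
    can still prevent SSL 3.0 from being negotiated.
    """
    return not (ctx.options & ssl.OP_NO_SSLv3)


def harden(ctx):
    """Set OP_NO_SSLv3 on ctx and return it."""
    with warnings.catch_warnings():
        # Newer Pythons mark OP_NO_* as deprecated in favour of minimum_version.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= ssl.OP_NO_SSLv3
    return ctx


if __name__ == "__main__":
    default_ctx = ssl.create_default_context()
    print("default context disables:", disabled_protocols(default_ctx))
    # Constructed legacy case: a context whose OP_NO_SSLv3 flag was cleared.
    legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    legacy.options &= ~ssl.OP_NO_SSLv3
    print("SSLv3 allowed before harden:", sslv3_allowed(legacy))
    print("SSLv3 allowed after harden: ", sslv3_allowed(harden(legacy)))
```
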