[Python-checkins] cpython (2.7): Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).
antoine.pitrou
python-checkins at python.org
Sun Nov 23 16:26:30 CET 2014
https://hg.python.org/cpython/rev/f762cbb712de
changeset: 93549:f762cbb712de
branch: 2.7
parent: 93541:414332e55f6c
user: Antoine Pitrou <solipsis at pitrou.net>
date: Fri Oct 17 19:28:30 2014 +0200
summary:
Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).
The backport currently doesn't achieve anything since the function isn't used (yet).
files:
Lib/ssl.py | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -445,6 +445,9 @@
context = SSLContext(protocol)
# SSLv2 considered harmful.
context.options |= OP_NO_SSLv2
+ # SSLv3 has problematic security and is only required for really old
+ # clients such as IE6 on Windows XP
+ context.options |= OP_NO_SSLv3
if cert_reqs is not None:
context.verify_mode = cert_reqs
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list