[Python-checkins] [2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792)
Benjamin Peterson
webhook-mailer at python.org
Wed Feb 21 01:17:13 EST 2018
https://github.com/python/cpython/commit/6c7edba1665ea676328c6b50f92e8423c8f0d164
commit: 6c7edba1665ea676328c6b50f92e8423c8f0d164
branch: 2.7
author: Benjamin Peterson <benjamin at python.org>
committer: GitHub <noreply at github.com>
date: 2018-02-20T22:17:10-08:00
summary:
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792)
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway..
(cherry picked from commit e9edee0b65650c4f9db90cefc2e9a8125bad762c)
files:
M Doc/library/ssl.rst
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 5b55a82f5ecd..0ac06fa166f6 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1330,7 +1330,7 @@ to speed up repeated connections from the same clients.
import socket, ssl
- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()
@@ -1536,7 +1536,7 @@ If you prefer to tune security settings yourself, you might create
a context from scratch (but beware that you might not get the settings
right)::
- >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)
>>> context.verify_mode = ssl.CERT_REQUIRED
>>> context.check_hostname = True
>>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")
More information about the Python-checkins
mailing list