mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 17:08:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

actually ssl3 is just completely broken

Browse source
This commit is contained in:
Benjamin Peterson 2015-04-08 11:11:00 -04:00
parent 7ecfc82edb
commit 6f362fa6c8
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Doc/library/ssl.rst
View file

@ -263,13 +263,13 @@ purposes.
.. note::
If you find that when certain older clients or servers attempt to connect
with a :class:`SSLContext` created by this function that they get an
error stating "Protocol or cipher suite mismatch", it may be that they
only support SSL3.0 which this function excludes using the
:data:`OP_NO_SSLv3`. SSL3.0 has problematic security due to a number of
poor implementations and it's reliance on MD5 within the protocol. If you
wish to continue to use this function but still allow SSL 3.0 connections
you can re-enable them using::
with a :class:`SSLContext` created by this function that they get an error
stating "Protocol or cipher suite mismatch", it may be that they only
support SSL3.0 which this function excludes using the
:data:`OP_NO_SSLv3`. SSL3.0 is widely considered to be `completely broken
<https://en.wikipedia.org/wiki/POODLE>`_. If you still wish to continue to
use this function but still allow SSL 3.0 connections you can re-enable
them using::
ctx = ssl.create_default_context(Purpose.CLIENT_AUTH)
ctx.options &= ~ssl.OP_NO_SSLv3