Issue #20913: improve the SSL security considerations to first advocate using create_default_context().

Antoine Pitrou 2014-03-22 18:19:11 +01:00
parent 0bebbc33fa
commit c5e075ff03
8 changed files with 134 additions and 102 deletions

@ -94,6 +94,7 @@ The module itself defines the following classes:
port *port*. :class:`NNTP_SSL` objects have the same methods as
:class:`NNTP` objects. If *port* is omitted, port 563 (NNTPS) is used.
*ssl_context* is also optional, and is a :class:`~ssl.SSLContext` object.
Please read :ref:`ssl-security` for best practices.
All other parameters behave the same as for :class:`NNTP`.
Note that SSL-on-563 is discouraged per :rfc:`4642`, in favor of
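Review bot: The pointer added after "*ssl_context* is also optional" still leaves unstated what the class does when *ssl_context* is omitted. Since the commit is about advocating create_default_context() first, consider naming it in this paragraph, for example "ideally one returned by :func:`ssl.create_default_context`", so a reader who does not follow the :ref:`ssl-security` link still gets the recommendation.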
@ -104,8 +105,8 @@ The module itself defines the following classes:
.. versionchanged:: 3.4
The class now supports hostname check with
:attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
:data:`~ssl.HAS_SNI`).
:attr:`ssl.SSLContext.check_hostname` and *Server Name Indication* (see
:data:`ssl.HAS_SNI`).
.. exception:: NNTPError
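Review bot: The corrected versionchanged note still says only that the class "supports hostname check" with :attr:`ssl.SSLContext.check_hostname`, without saying that this attribute lives on the context the caller supplies. Consider wording it so the dependency is explicit, for example "performs hostname checking when the supplied *ssl_context* has :attr:`ssl.SSLContext.check_hostname` enabled". Dropping the ~ prefix makes the references render with the ssl. module prefix, which is the right choice outside the ssl module's own page.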
@ -234,9 +235,10 @@ tuples or objects that the method normally returns will be empty.
.. method:: NNTP.starttls(ssl_context=None)
Send a ``STARTTLS`` command. The *ssl_context* argument is optional
and should be a :class:`ssl.SSLContext` object. This will enable
encryption on the NNTP connection.
Send a ``STARTTLS`` command. This will enable encryption on the NNTP
connection. The *ssl_context* argument is optional and should be a
:class:`ssl.SSLContext` object. Please read :ref:`ssl-security` for best
practices.
Note that this may not be done after authentication information has
been transmitted, and authentication occurs by default if possible during a
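Review bot: In the reordered paragraph, "This will enable encryption on the NNTP connection" now leads and reads as the whole guarantee, but whether the server's certificate and hostname are verified depends on the *ssl_context* passed. Consider adding a clause to that effect next to the :ref:`ssl-security` pointer, so that "encryption" is not read as implying server authentication.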
@ -247,8 +249,8 @@ tuples or objects that the method normally returns will be empty.
.. versionchanged:: 3.4
The method now supports hostname check with
:attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
:data:`~ssl.HAS_SNI`).
:attr:`ssl.SSLContext.check_hostname` and *Server Name Indication* (see
:data:`ssl.HAS_SNI`).
.. method:: NNTP.newgroups(date, *, file=None)
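Review bot: Style point on the versionchanged text for starttls: "supports hostname check" would read better as "supports hostname checking". These lines are already being touched for the "Server Name Indication" fix, so the same wording change could be made here and in the matching note for NNTP_SSL.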