mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-10 00:43:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 18

Issue #22638: SSLv3 is now disabled throughout the standard library.

Browse source 
It can still be enabled by instantiating a SSLContext manually.
This commit is contained in:
Antoine Pitrou 2014-10-17 19:28:30 +02:00
parent c2c62b13ce
commit e4eda4d33f
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Lib/ssl.py
View file

@ -454,6 +454,9 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
context = SSLContext(protocol) context = SSLContext(protocol)
# SSLv2 considered harmful. # SSLv2 considered harmful.
context.options |= OP_NO_SSLv2 context.options |= OP_NO_SSLv2
# SSLv3 has problematic security and is only required for really old
# clients such as IE6 on Windows XP
context.options |= OP_NO_SSLv3
if cert_reqs is not None: if cert_reqs is not None:
context.verify_mode = cert_reqs context.verify_mode = cert_reqs

3
Misc/NEWS
View file

@ -178,6 +178,9 @@ Core and Builtins
Library Library
------- -------
- Issue #22638: SSLv3 is now disabled throughout the standard library.
It can still be enabled by instantiating a SSLContext manually.
- Issue #22641: In asyncio, the default SSL context for client connections - Issue #22641: In asyncio, the default SSL context for client connections
is now created using ssl.create_default_context(), for stronger security. is now created using ssl.create_default_context(), for stronger security.