This is an automated email from the ASF dual-hosted git repository. tomaz pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/libcloud.git
The following commit(s) were added to refs/heads/trunk by this push: new 56674f462 Remove unused libcloud.security.SSL_VERSION module level constant / variable which has been unused and had no affect since we have switched to the requests library for making HTTP(s) requests in 2016. new 572c3ff83 Merge branch 'trunk' of http://gitbox.apache.org/repos/asf/libcloud into trunk 56674f462 is described below commit 56674f462e7ddf6668b4de3575736b706181f1e4 Author: Tomaz Muraus <to...@tomaz.me> AuthorDate: Tue Aug 1 23:13:46 2023 +0200 Remove unused libcloud.security.SSL_VERSION module level constant / variable which has been unused and had no affect since we have switched to the requests library for making HTTP(s) requests in 2016. --- CHANGES.rst | 6 +++++ docs/other/ssl-certificate-validation.rst | 43 ------------------------------- libcloud/security.py | 4 +-- 3 files changed, 7 insertions(+), 46 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 6886e6c55..0a8dc75cf 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -97,6 +97,12 @@ Other (GITHUB-1920) [Tomaz Muraus - @Kami] +- Remove unused ``libcloud.security.SSL_VERSION`` constant / module level + variable. This variable has been unused and had no affect on the behavior + since we switched to the ``requests`` library for making HTTP(s) requests in + 2016. + [Tomaz Muraus - @Kami] + Changes in Apache Libcloud 3.7.0 -------------------------------- diff --git a/docs/other/ssl-certificate-validation.rst b/docs/other/ssl-certificate-validation.rst index 704945f8c..dcb90ab01 100644 --- a/docs/other/ssl-certificate-validation.rst +++ b/docs/other/ssl-certificate-validation.rst @@ -110,46 +110,3 @@ For example: libcloud.security.VERIFY_SSL_CERT = False # Instantiate and work with the driver here... - -Changing used SSL / TLS version -------------------------------- - -.. note:: - - Linode recently dropped support for TLS v1.0 and it only supports TLS v1.1 - and higher. - If you are using Linode driver you need to update your code to use TLS v1.1 - or TLS v1.2 as shown below. - -For compatibility and safety reasons (we also support older Python versions), -Libcloud uses TLS v1.0 by default. - -If the provier doesn't support this version or if you want to use a different -version because of security reasons (you should always use the highest version -which is supported by your system and your provider) you can tell Libcloud to -use a different version as shown below. - -.. sourcecode:: python - - import ssl - - import libcloud.security - libcloud.security.SSL_VERSION = ssl.PROTOCOL_TLSv1_1 - # or - libcloud.security.SSL_VERSION = ssl.PROTOCOL_TLSv1_2 - - # Instantiate and work with the driver here... - -Keep in mind that TLS v1.1 and v1.2 is right now only supported in Python >= -3.4 and Python 2.7.9. In addition to that, your system also needs to have a -recent version of OpenSSL available. - -Another (**unsafe** and **unrecommended**) option is to use -``ssl.PROTOCOL_SSLv23`` constant which will let client know to pick the highest -protocol version which both the client and server support. If this constant is -selected, the client will be selecting between SSL v3.0, TLS v1.0, TLS v1.1 and -TLS v1.2. - -Keep in mind that SSL v3.0 is considered broken and unsafe and using this -option can result in a downgrade attack so we strongly recommend **NOT** to use -it. diff --git a/libcloud/security.py b/libcloud/security.py index bf329b7d2..fc5509d4f 100644 --- a/libcloud/security.py +++ b/libcloud/security.py @@ -26,12 +26,10 @@ Usage: import os import ssl -__all__ = ["VERIFY_SSL_CERT", "SSL_VERSION", "CA_CERTS_PATH"] +__all__ = ["VERIFY_SSL_CERT", "CA_CERTS_PATH"] VERIFY_SSL_CERT = True -SSL_VERSION = ssl.PROTOCOL_TLSv1 - # True to use certifi CA bundle path when certifi library is available USE_CERTIFI = os.environ.get("LIBCLOUD_SSL_USE_CERTIFI", True) USE_CERTIFI = str(USE_CERTIFI).lower() in ["true", "1"]