Antoine Pitrou added the comment: On the Web, there is indeed a good reaction time to security issues (especially in large providers). That may not be the case for all the other SSL services out there.
Since TLS_FALLBACK_SCSV is the recommended solution (not to mention it will work against other attacks), do you know if it's being implemented in OpenSSL? I would be surprised if nobody did it. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22638> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com