New submission from Alex Gaynor: SSLv3 is broken, both _create_unverified_context and create_default_context turn it off, but we should make all contexts turn it off, like we do for SSLv2.
A patch is attached. ---------- components: Library (Lib) files: sslv3.diff keywords: needs review, patch, security_issue messages: 253868 nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou priority: normal severity: normal status: open title: ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it versions: Python 2.7, Python 3.5, Python 3.6 Added file: http://bugs.python.org/file40920/sslv3.diff _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25530> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
