On Wed, 15 Oct 2014 01:16:26 +0200 Victor Stinner <victor.stin...@gmail.com> wrote: > Hi, > > I opened an issue to track this vulnerability: > http://bugs.python.org/issue22638 > > SSL 3.0 is 8 years old, I guess that TLS is now widely deployed and > well supported? > > I guess that Linux vendors will have to fix the issues directly in > OpenSSL directly. Should Python only be changed on Windows?
If OpenSSL gets a patch, we can simply update the OpenSSL version used for Windows installers. > Or do you want to modify Python to disable SSLv3 in the ssl module? > OpenSSL provides a SSL_OP_NO_SSLv2 option for SSL context. Is there a > SSL_OP_NO_SSLv3 option? Or only change the constructor of > ssl.SSLContext? Please let's not have this discussion on two different channels. *Either* the bug tracker or the mailing-list. Thank you Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
