I think that Alex and Kurt partially answered your questions.
On Wed, Oct 18, 2017 at 8:27 PM, Gregory Szorc wrote:
> I'm very naive about how TLS libraries are implemented and how the TLS
> handshake works.
The basic design is that the client decides what to offer and then the
server picks. Yo
On Wed, Oct 18, 2017 at 11:27:45AM +0200, Gregory Szorc wrote:
> The way you specify the desired TLS protocol version (which is heavily
> inspired by OpenSSL's API) is to pass a protocol constant along with some
> more options to control ciphers, protocol options (like compression), etc.
> If you w
Hi Gregory,
Using PROTOCOL_SSLv23 with OP_NO_SSLv2 | OP_NO_SSL3 | OP_NO_TLSv1 |
OP_NO_TLSv1_1 is the correct way to do things in Python (of all versions)
-- as you note the OP_NO_TLSv1_1/1_2 constants aren't available in older
Pythons though.
Luckily (unluckily?) these constants are really just i
Context:
Python has a long and sad history with regards to getting connection
security right. Modern versions of Python (>=2.7.9 and >=3.6) have a vastly
better story. But software often needs to handle what happens when running
on older versions of Python in the wild or else connection security c
4 matches
Mail list logo
