Changes by Florian Weimer fwei...@redhat.com:
--
nosy: +fweimer
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13747
___
___
Python-bugs-list
Florian Weimer added the comment:
OpenSSL cross-version updates are sometimes difficult because they invalidate
certifications. Updating Python to SSLv23 with SSL_OP_NO_SSLv2 is
comparatively easy and also much less riskier.
Shall I submit a patch which changes the default? I would also
Antoine Pitrou added the comment:
Florian this was already handled in issue #13636 (changeset f9122975fd80).
--
resolution: - out of date
stage: - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
New submission from Ben Darnell ben.darn...@gmail.com:
The ssl module docs claim that the default ssl_version for client-side
operation is SSLv3, but it is actually SSLv23. The exact behavior depends on
the version of openssl: starting in 1.0 the connection is limited by default
to SSLv3 or
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 3db0abf3058b by Antoine Pitrou in branch '2.7':
Issue #13747: fix documentation error about the default SSL version.
http://hg.python.org/cpython/rev/3db0abf3058b
New changeset 4f14c249f3de by Antoine Pitrou in
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 7ae0f71862f9 by Antoine Pitrou in branch '3.2':
Issue #13747: fix documentation error about the default SSL version.
http://hg.python.org/cpython/rev/7ae0f71862f9
New changeset b4194af97948 by Antoine Pitrou in
Antoine Pitrou pit...@free.fr added the comment:
Thanks for noticing. I've now fixed the docs.
It would be nice if the default mode were SSLv23 with SSL_OP_NO_SSLv2
set so the defaults would be safe even with older versions of openssl
Mmmh, perhaps, although wouldn't someone deploying a new
Ben Darnell ben.darn...@gmail.com added the comment:
Not necessarily. If I want to run python 2.7 or 3.x on an older linux
distribution (e.g. Ubuntu 10.04 LTS, which has python 2.6 and openssl 0.9.8), I
need to build from source, but I wouldn't think to update/rebuild all the
dependencies