This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | alex |
|---|---|
| Recipients | alex, christian.heimes, dstufft, pitrou |
| Date | 2014年03月22日.18:19:21 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1395512361.39.0.194657167295.issue21013@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
Unfortunately most TLS implementations (particularly those in browser stacks) are vulnerable to downgrade attacks, whereby an attacker can send some malicious packets to simulate a connection failure and cause a lower version of the protocol to be negotiated, https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks has some info on it. As a result, whenever possible it's really desirable to completely disallow as many poor choices as possible. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2014年03月22日 18:19:21 | alex | set | recipients: + alex, pitrou, christian.heimes, dstufft |
| 2014年03月22日 18:19:21 | alex | set | messageid: <1395512361.39.0.194657167295.issue21013@psf.upfronthosting.co.za> |
| 2014年03月22日 18:19:21 | alex | link | issue21013 messages |
| 2014年03月22日 18:19:21 | alex | create | |