Message232489
| Author |
lemburg |
| Recipients |
alex, benjamin.peterson, dstufft, lemburg, r.david.murray |
| Date |
2014年12月11日.20:37:59 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<548A00A0.3080909@egenix.com> |
| In-reply-to |
<1418329590.2570749.201827961.6C1B2B49@webmail.messagingengine.com> |
| Content |
> Benjamin Peterson added the comment:
>
> On Thu, Dec 11, 2014, at 15:24, Marc-Andre Lemburg wrote:
>>
>> Marc-Andre Lemburg added the comment:
>>
>> On 11.12.2014 20:42, Benjamin Peterson wrote:
>>>
>>> Usually you can pass your own context.
>>
>> Yes, in new code, but not in existing Python 2.7 code that wasn't
>> written for the newly added SSL context feature.
>
> How is modifying code to use a context different from modifying it to
> mess around with a hypothetical ssl.DEFAULT_SSL_OPTIONS?
Hmm, isn't that obvious ?
You only have to add a single line of code to tweak the default
options rather than add context support throughout your application.
>> BTW: Having a way to change the SSL options globally would be useful
>> for Python 3.x as well, since OpenSSL often adds new options and
>> it's not unlikely we'll see an OP_NO_TLSv1 option soon, given its
>> age and similarity to SSLv3...
>> https://www.imperialviolet.org/2014/12/08/poodleagain.html
>> (the poodle strikes back ;-))
>
> That option already exists and is exposed. :)
Right, but it's not used in the current default context.
Hard coding options in a function is not a good idea, really, esp.
not for things that change as often as cipher strings and protocol
options :-) |
|