[Python-checkins] cpython (2.7): Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).

antoine.pitrou python-checkins at python.org
Sun Nov 23 16:26:30 CET 2014

• Previous message: [Python-checkins] cpython: Update importlib.h
• Next message: [Python-checkins] cpython (2.7): initialize _makefile_refs earlier so things don't blow up when close() is
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/f762cbb712de
changeset: 93549:f762cbb712de
branch: 2.7
parent: 93541:414332e55f6c
user: Antoine Pitrou <solipsis at pitrou.net>
date: Fri Oct 17 19:28:30 2014 +0200
summary:
 Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).
The backport currently doesn't achieve anything since the function isn't used (yet).
files:
 Lib/ssl.py | 3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -445,6 +445,9 @@
 context = SSLContext(protocol)
 # SSLv2 considered harmful.
 context.options |= OP_NO_SSLv2
+ # SSLv3 has problematic security and is only required for really old
+ # clients such as IE6 on Windows XP
+ context.options |= OP_NO_SSLv3
 
 if cert_reqs is not None:
 context.verify_mode = cert_reqs
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython: Update importlib.h
• Next message: [Python-checkins] cpython (2.7): initialize _makefile_refs earlier so things don't blow up when close() is
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list