➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2014-03-20 04:45 by ncoghlan, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Messages (3) | |||
|---|---|---|---|
| msg214173 - (view) | Author: Nick Coghlan (ncoghlan) *  |
Date: 2014-03-20 04:45 | |
The ssl docs currently have a security warning at the top directing users to the Security Considerations section at http://docs.python.org/3/library/ssl#ssl-security That section currently dives directly into the technical details of choosing suitable SSL settings, and doesn't reference back to the new http://docs.python.org/3/library/ssl#ssl.create_default_context helper function. I believe this section should *start* with an example of using the create_default_context() to create an SSL wrapped socket with reasonable settings, and only *then* continue on with the technical details. |
|||
| msg214175 - (view) | Author: Nick Coghlan (ncoghlan) * |
Date: 2014-03-20 04:54 | |
Potentially more controversial: we could also update that section and other parts of the docs to state that "create_default_context" is expected to become a true default context in a future release. (such that if you want insecure settings, you will have to opt in to them) However, that change may be better handled as part of a more comprehensive PEP. |
|||
| msg214200 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2014-03-20 10:55 | |
Duplicate of issue 20913. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:00 | admin | set | github: 65187 |
| 2014-03-20 10:55:20 | pitrou | set | status: open -> closed superseder: Standard Library documentation needs SSL security best practices doc. resolution: duplicate messages: + msg214200 |
| 2014-03-20 04:54:31 | ncoghlan | set | messages: + msg214175 |
| 2014-03-20 04:45:39 | ncoghlan | create | |