Message 152068 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	barry, benjamin.peterson, loewis, pitrou
Date	2012-01-27.08:25:52
SpamBayes Score	0.03856435
Marked as misclassified	No
Message-id	<1327652753.95.0.174471030951.issue13885@psf.upfronthosting.co.za>
In-reply-to

Content
Original e-mail from Apple security team: > Follow-up: 187806281 > > SSL 3.0 and TLS 1.0 are vulnerable to an attack described at > > http://www.openssl.org/~bodo/tls-cbc.txt > > OpenSSL includes a countermeasure which prevents the attack, but python > 2.7 has, around line 372 of Modules/_ssl.c: > > SSL_CTX_set_options(self->ctx, SSL_OP_ALL); > > SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which disables the > countermeasure. > > 2.6 is similar.

Original e-mail from Apple security team:

> Follow-up:  187806281
> 
> SSL 3.0 and TLS 1.0 are vulnerable to an attack described at
> 
> http://www.openssl.org/~bodo/tls-cbc.txt
> 
> OpenSSL includes a countermeasure which prevents the attack, but python
> 2.7 has, around line 372 of Modules/_ssl.c:
> 
> SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
> 
> SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which disables the 
> countermeasure.
> 
> 2.6 is similar.

History
Date	User	Action	Args
2012-01-27 08:25:54	pitrou	set	recipients: + pitrou, loewis, barry, benjamin.peterson
2012-01-27 08:25:53	pitrou	set	messageid: <1327652753.95.0.174471030951.issue13885@psf.upfronthosting.co.za>
2012-01-27 08:25:53	pitrou	link	issue13885 messages
2012-01-27 08:25:52	pitrou	create