Message214502
To be clear though, a lot of TLS servers out there still have SSL3.0 enabled by default, primarily because of IE6 / XP. I'm on the fence about what the right answer is for create_default_context. From a strictly "best practices for security" sense of view you want to disable SSLv3 (and this matches what create_default_context did prior to my patch).
Can we perhaps split the difference and disable SSL3.0 and document what the error looks like when you try to connect with SSL3.0 and how to re-enable it?

Date | User | Action | Args
2014-03-22 18:25:25 | dstufft | set | recipients: + dstufft, pitrou, christian.heimes, alex
2014-03-22 18:25:25 | dstufft | set | messageid: <1395512725.82.0.0535983447546.issue21013@psf.upfronthosting.co.za>
2014-03-22 18:25:25 | dstufft | link | issue21013 messages
2014-03-22 18:25:25 | dstufft | create |