Message229437
I read the table explaining how SSL/TLS is negociated between the client and the server:
https://docs.python.org/2.7/library/ssl.html#ssl.wrap_socket
I don't understand how I can ask to "use TLS, prefer the most recent version, but don't use SSL"? Should I use TLSv1 which only works with TLS version 1.0? Or TLSv12 and bet that the server implements this newer TLS version?
create_default_context() uses PROTOCOL_SSLv23 with OP_NO_SSLv2 and OP_NO_SSLv3. I don't understand: we ask to use "SSL version 2 or 3" but we disable SSLv2 and SSLv3?
If the client uses PROTOCOL_SSLv23, does it mean that TLS will never be tried? |
|
Date |
User |
Action |
Args |
2014-10-15 12:03:12 | vstinner | set | recipients:
+ vstinner, janssen, pitrou, giampaolo.rodola, christian.heimes, Arfrever, alex, dstufft, Lukasa, martius |
2014-10-15 12:03:12 | vstinner | set | messageid: <1413374592.56.0.522866076929.issue22638@psf.upfronthosting.co.za> |
2014-10-15 12:03:12 | vstinner | link | issue22638 messages |
2014-10-15 12:03:12 | vstinner | create | |
|