Message 229587 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	Arfrever, Lukasa, alex, christian.heimes, donmez, dstufft, giampaolo.rodola, janssen, martius, pitrou, python-dev, vstinner
Date	2014-10-17.17:33:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1413567233.45.0.47377559636.issue22638@psf.upfronthosting.co.za>
In-reply-to

Content
So, I've disabled SSLv3 in _create_stdlib_context() for the next feature release (3.5). By the time it is released, we can consider SSLv3 will be dead. Related news: - Opera doesn't disable SSLv3 yet, but implements custom countermeasures: http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/ - Mozilla doesn't disable SSLv3 yet (it will be disabled in 3 months): https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

So, I've disabled SSLv3 in _create_stdlib_context() for the next feature release (3.5). By the time it is released, we can consider SSLv3 will be dead.

Related news:
- Opera doesn't disable SSLv3 yet, but implements custom countermeasures:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/
- Mozilla doesn't disable SSLv3 yet (it will be disabled in 3 months):
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

History
Date	User	Action	Args
2014-10-17 17:33:53	pitrou	set	recipients: + pitrou, janssen, vstinner, giampaolo.rodola, christian.heimes, donmez, Arfrever, alex, python-dev, dstufft, Lukasa, martius
2014-10-17 17:33:53	pitrou	set	messageid: <1413567233.45.0.47377559636.issue22638@psf.upfronthosting.co.za>
2014-10-17 17:33:53	pitrou	link	issue22638 messages
2014-10-17 17:33:53	pitrou	create