classification
Title: openssl version in windows builds does not support renegotiation
Type: enhancement Stage: resolved
Components: Windows Versions: Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: BreamoreBoy, cory.mintz, loewis
Priority: normal Keywords:

Created on 2012-08-03 15:09 by cory.mintz, last changed 2014-07-03 08:27 by ned.deily. This issue is now closed.

Messages (2)
msg167336 - (view) Author: Cory Mintz (cory.mintz) Date: 2012-08-03 15:09
The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009".

This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS.

  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
      ...
      o Support for RFC5746 TLS renegotiation extension.
      ...
  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:

      o Temporary work around for CVE-2009-3555: disable renegotiation.

Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported?
msg222134 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-07-02 21:52
@Cory the latest version of openssl is 1.0.1g for Python 2.7.7.  Please see PEP 466 and issue 21462
History
Date User Action Args
2014-07-03 08:27:35ned.deilysetstatus: open -> closed
stage: resolved
resolution: out of date
versions: - Python 2.6
2014-07-02 21:52:44BreamoreBoysetnosy: + BreamoreBoy
messages: + msg222134
2012-08-03 16:40:01pitrousetnosy: + loewis
2012-08-03 15:09:35cory.mintzcreate