classification
Title: Example suggest to use a TLSv1 socket
Type: enhancement Stage: patch review
Components: Documentation Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: docs@python Nosy List: benjamin.peterson, cheryl.sabella, christian.heimes, docs@python, kroeckx, miss-islington
Priority: normal Keywords: patch

Created on 2017-11-11 19:36 by kroeckx, last changed 2018-02-21 10:01 by christian.heimes.

Pull Requests
URL Status Linked Edit
PR 5789 merged benjamin.peterson, 2018-02-21 05:42
PR 5790 merged miss-islington, 2018-02-21 05:55
PR 5791 merged miss-islington, 2018-02-21 05:56
PR 5792 merged benjamin.peterson, 2018-02-21 05:59
PR 5797 open christian.heimes, 2018-02-21 10:01
Messages (8)
msg306093 - (view) Author: Kurt Roeckx (kroeckx) * Date: 2017-11-11 19:36
Here:
https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname

And here:
https://docs.python.org/2/library/ssl.html#ssl.SSLContext.check_hostname

It uses ssl.PROTOCOL_TLSv1, which is a bad example. Please change it to PROTOCOL_SSLv23 or PROTOCOL_TLS.

(Those were the first 2 examples I could find via google on how to create an ssl connection using python.)
msg312449 - (view) Author: Cheryl Sabella (cheryl.sabella) * (Python triager) Date: 2018-02-21 00:49
Christian,

Would you have any feedback on this?  Thanks!
msg312465 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-02-21 05:55
New changeset e9edee0b65650c4f9db90cefc2e9a8125bad762c by Benjamin Peterson in branch 'master':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/e9edee0b65650c4f9db90cefc2e9a8125bad762c
msg312467 - (view) Author: miss-islington (miss-islington) Date: 2018-02-21 06:02
New changeset e5d38deb045d0907e6fcf82af8d2d8f0556a8591 by Miss Islington (bot) in branch '3.7':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/e5d38deb045d0907e6fcf82af8d2d8f0556a8591
msg312468 - (view) Author: miss-islington (miss-islington) Date: 2018-02-21 06:07
New changeset f8a794c04c8d375da279fc830770a5e6b4f363fb by Miss Islington (bot) in branch '3.6':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/f8a794c04c8d375da279fc830770a5e6b4f363fb
msg312469 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-02-21 06:17
New changeset 6c7edba1665ea676328c6b50f92e8423c8f0d164 by Benjamin Peterson in branch '2.7':
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792)
https://github.com/python/cpython/commit/6c7edba1665ea676328c6b50f92e8423c8f0d164
msg312483 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-02-21 09:45
For 3.6 to 3.8 I'd prefer TLS_PROTOCOL_CLIENT. It also sets check_hostname and verify_mode to sane, safe values, too.
msg312484 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-02-21 09:45
Err, I meant PROTOCOL_TLS_CLIENT:

>>> import ssl
>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
>>> context.check_hostname
True
>>> context.verify_mode
<VerifyMode.CERT_REQUIRED: 2>
History
Date User Action Args
2018-02-21 10:01:55christian.heimessetstage: needs patch -> patch review
pull_requests: + pull_request5576
2018-02-21 09:45:56christian.heimessetmessages: + msg312484
2018-02-21 09:45:15christian.heimessetstatus: closed -> open
versions: + Python 3.6, Python 3.7, Python 3.8
messages: + msg312483

resolution: fixed ->
stage: resolved -> needs patch
2018-02-21 06:17:12benjamin.petersonsetstatus: open -> closed
resolution: fixed
messages: + msg312469

stage: patch review -> resolved
2018-02-21 06:07:19miss-islingtonsetmessages: + msg312468
2018-02-21 06:02:21miss-islingtonsetnosy: + miss-islington
messages: + msg312467
2018-02-21 05:59:28benjamin.petersonsetpull_requests: + pull_request5573
2018-02-21 05:56:11miss-islingtonsetpull_requests: + pull_request5572
2018-02-21 05:55:13miss-islingtonsetpull_requests: + pull_request5571
2018-02-21 05:55:03benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg312465
2018-02-21 05:42:18benjamin.petersonsetkeywords: + patch
stage: patch review
pull_requests: + pull_request5570
2018-02-21 00:49:07cheryl.sabellasetnosy: + cheryl.sabella, christian.heimes
messages: + msg312449
2017-11-11 19:36:05kroeckxcreate