This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Example suggest to use a TLSv1 socket
Type: enhancement Stage: resolved
Components: Documentation Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: docs@python Nosy List: benjamin.peterson, cheryl.sabella, christian.heimes, docs@python, kroeckx, matrixise, miss-islington
Priority: normal Keywords: patch

Created on 2017-11-11 19:36 by kroeckx, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 5789 merged benjamin.peterson, 2018-02-21 05:42
PR 5790 merged miss-islington, 2018-02-21 05:55
PR 5791 merged miss-islington, 2018-02-21 05:56
PR 5792 merged benjamin.peterson, 2018-02-21 05:59
PR 5797 merged christian.heimes, 2018-02-21 10:01
PR 16026 merged miss-islington, 2019-09-12 11:10
PR 16027 merged matrixise, 2019-09-12 11:11
Messages (13)
msg306093 - (view) Author: Kurt Roeckx (kroeckx) * Date: 2017-11-11 19:36 
Here:
https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname

And here:
https://docs.python.org/2/library/ssl.html#ssl.SSLContext.check_hostname

It uses ssl.PROTOCOL_TLSv1, which is a bad example. Please change it to PROTOCOL_SSLv23 or PROTOCOL_TLS.

(Those were the first 2 examples I could find via google on how to create an ssl connection using python.)
msg312449 - (view) Author: Cheryl Sabella (cheryl.sabella) * (Python committer) Date: 2018-02-21 00:49 
Christian,

Would you have any feedback on this?  Thanks!
msg312465 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-02-21 05:55 
New changeset e9edee0b65650c4f9db90cefc2e9a8125bad762c by Benjamin Peterson in branch 'master':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/e9edee0b65650c4f9db90cefc2e9a8125bad762c
msg312467 - (view) Author: miss-islington (miss-islington) Date: 2018-02-21 06:02 
New changeset e5d38deb045d0907e6fcf82af8d2d8f0556a8591 by Miss Islington (bot) in branch '3.7':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/e5d38deb045d0907e6fcf82af8d2d8f0556a8591
msg312468 - (view) Author: miss-islington (miss-islington) Date: 2018-02-21 06:07 
New changeset f8a794c04c8d375da279fc830770a5e6b4f363fb by Miss Islington (bot) in branch '3.6':
bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789)
https://github.com/python/cpython/commit/f8a794c04c8d375da279fc830770a5e6b4f363fb
msg312469 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-02-21 06:17 
New changeset 6c7edba1665ea676328c6b50f92e8423c8f0d164 by Benjamin Peterson in branch '2.7':
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792)
https://github.com/python/cpython/commit/6c7edba1665ea676328c6b50f92e8423c8f0d164
msg312483 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-02-21 09:45 
For 3.6 to 3.8 I'd prefer TLS_PROTOCOL_CLIENT. It also sets check_hostname and verify_mode to sane, safe values, too.
msg312484 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-02-21 09:45 
Err, I meant PROTOCOL_TLS_CLIENT:

>>> import ssl
>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
>>> context.check_hostname
True
>>> context.verify_mode
<VerifyMode.CERT_REQUIRED: 2>
msg339855 - (view) Author: Cheryl Sabella (cheryl.sabella) * (Python committer) Date: 2019-04-10 12:12 
@christian.heimes, this one looks ready to merge and close.  Please take a look when you get a chance.  Thanks!
msg352109 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-09-12 11:10 
New changeset 894d0f7d5542ee04556ec1bee8c58506f7c916d4 by Stéphane Wirtel (Christian Heimes) in branch 'master':
bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797)
https://github.com/python/cpython/commit/894d0f7d5542ee04556ec1bee8c58506f7c916d4
msg352117 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-09-12 11:20 
New changeset 07b4148f3932ed22f9cd8476f49bd0079d093590 by Stéphane Wirtel (Miss Islington (bot)) in branch '3.7':
bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-16026)
https://github.com/python/cpython/commit/07b4148f3932ed22f9cd8476f49bd0079d093590
msg352122 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-09-12 11:25 
New changeset 1fc84b64f9f740f2dc089da1d061dfdd5b438d3c by Stéphane Wirtel in branch '3.8':
[3.8] bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-16027)
https://github.com/python/cpython/commit/1fc84b64f9f740f2dc089da1d061dfdd5b438d3c
msg352123 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-09-12 11:25 
Hi,

I have merged the PR of Christian for master, 3.8 & 3.7

Thank you so much,
History
Date User Action Args
2022-04-11 14:58:54adminsetgithub: 76189
2019-09-12 11:25:55matrixisesetstatus: open -> closed
versions: + Python 3.9, - Python 3.6
messages: + msg352123

resolution: fixed
stage: patch review -> resolved
2019-09-12 11:25:04matrixisesetmessages: + msg352122
2019-09-12 11:20:44matrixisesetmessages: + msg352117
2019-09-12 11:11:37matrixisesetpull_requests: + pull_request15650
2019-09-12 11:10:22miss-islingtonsetpull_requests: + pull_request15649
2019-09-12 11:10:07matrixisesetnosy: + matrixise
messages: + msg352109
2019-04-10 12:12:25cheryl.sabellasetmessages: + msg339855
2018-02-21 10:01:55christian.heimessetstage: needs patch -> patch review
pull_requests: + pull_request5576
2018-02-21 09:45:56christian.heimessetmessages: + msg312484
2018-02-21 09:45:15christian.heimessetstatus: closed -> open
versions: + Python 3.6, Python 3.7, Python 3.8
messages: + msg312483

resolution: fixed -> (no value)
stage: resolved -> needs patch
2018-02-21 06:17:12benjamin.petersonsetstatus: open -> closed
resolution: fixed
messages: + msg312469

stage: patch review -> resolved
2018-02-21 06:07:19miss-islingtonsetmessages: + msg312468
2018-02-21 06:02:21miss-islingtonsetnosy: + miss-islington
messages: + msg312467
2018-02-21 05:59:28benjamin.petersonsetpull_requests: + pull_request5573
2018-02-21 05:56:11miss-islingtonsetpull_requests: + pull_request5572
2018-02-21 05:55:13miss-islingtonsetpull_requests: + pull_request5571
2018-02-21 05:55:03benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg312465
2018-02-21 05:42:18benjamin.petersonsetkeywords: + patch
stage: patch review
pull_requests: + pull_request5570
2018-02-21 00:49:07cheryl.sabellasetnosy: + cheryl.sabella, christian.heimes
messages: + msg312449
2017-11-11 19:36:05kroeckxcreate