Author heikki
Recipients eric.smith, exarkun, giampaolo.rodola, heikki, janssen, pitrou, vstinner
Date 2010-05-16.04:42:20
Message-id <1273984946.16.0.950102912578.issue8550@psf.upfronthosting.co.za>
Content
Since SSLv2 is insecure, could you at least add a warning for that protocol? I think there was a separate issue for removing it altogether, but could a warning be added here?

The documentation should mention that verify_mode=CERT_REQUIRED is recommended for security.

There should probably be an example of using SSL context in the documentation.

I think you need to expose SSL_CTX_set_options(). Currently the code just sets all options, which means that the default protocol SSLv23 will accept SSLv2 which is insecure. Most people would want to probably do something like ctx.set_options(SSL_OP_ALL | SSL_OP_NO_SSLv2). Documentation should also mention that this is recommended for security. See man SSL_CTX_set_options.

Otherwise I could not see issues with the code, apart from the still #if 0'd out sections and commented out sections, which you are planning on doing something about, right?
History
Date User Action Args
2010-05-16 04:42:27 heikki set recipients: + heikki, exarkun, janssen, pitrou, vstinner, eric.smith, giampaolo.rodola
2010-05-16 04:42:26 heikki set messageid: <1273984946.16.0.950102912578.issue8550@psf.upfronthosting.co.za>
2010-05-16 04:42:22 heikki link issue8550 messages
2010-05-16 04:42:21 heikki create
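
An added example, not part of the tracker message or of the patch under review: a client context that applies the two settings the message recommends (SSLv2 refused, verify_mode=CERT_REQUIRED), plus a check that reports a context missing either one. It uses the `options` attribute of the current `ssl` module in place of the proposed `ctx.set_options()` call; the function names are hypothetical.

```python
import ssl


def make_client_context(cafile=None):
    """Client context that applies both recommendations from the message."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Refuse SSLv2 explicitly. OP_ALL is the documented default for
    # options, so it is not ORed in again here.
    ctx.options |= ssl.OP_NO_SSLv2
    # Require and validate the peer certificate.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile)
    else:
        ctx.load_default_certs()
    return ctx


def make_unverified_context():
    """Constructed counter-example: certificate checks switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means both settings hold."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is %s, not CERT_REQUIRED" % ctx.verify_mode.name)
    # Compare against the flag itself so the test also works on builds
    # where the constant carries no bits.
    if (ctx.options & ssl.OP_NO_SSLv2) != ssl.OP_NO_SSLv2:
        findings.append("OP_NO_SSLv2 is not set")
    # PROTOCOL_SSLv2 only exists on builds that still ship SSLv2.
    sslv2 = getattr(ssl, "PROTOCOL_SSLv2", None)
    if sslv2 is not None and ctx.protocol == sslv2:
        findings.append("protocol is PROTOCOL_SSLv2")
    return findings


if __name__ == "__main__":
    for name, ctx in (("recommended", make_client_context()),
                      ("unverified", make_unverified_context())):
        print(name, audit_context(ctx) or "ok")
```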