Message105857
> Since SSLv2 is insecure, could you at least add a warning for that
> protocol? I think there was a separate issue for removing it
> altogether, but could a warning be added here?
I think it should be a separate issue (since it also applies to the
legacy API). I agree it's reasonable to issue a warning. I don't think
we should remove it until OpenSSL itself does, though.
> The documentation should mention that verify_mode=CERT_REQUIRED is recommended for security.
I think we should recommend CERT_OPTIONAL. A server running with
CERT_REQUIRED would refuse clients without a client certificate, which
is probably not common practice for most servers.
(CERT_OPTIONAL is SSL_VERIFY_PEER, and
CERT_REQUIRED is SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
The OpenSSL doc says there's no difference between both when in client
mode)
> I think you need to expose SSL_CTX_set_options(). Currently the code
> just sets all options, which means that the default protocol SSLv23
> will accept SSLv2 which is insecure. Most people would want to
> probably do something like ctx.set_options(SSL_OP_ALL |
> SSL_OP_NO_SSLv2).
There is a separate issue for it (whose patch I will update to use the
new context API when it is committed):
http://bugs.python.org/issue4870
Do note that OpenSSL 1.0.0 disables SSLv2 by default when using SSLv23,
by the way.
> Otherwise I could not see issues with the code, apart from the still
> #if 0'd out sections and commented out sections, which you are
> planning on doing something about, right?
Yes, there's a bit of cleanup work remaining.
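The verify_mode recommendations discussed above (CERT_REQUIRED on the client side, CERT_OPTIONAL on the server side) and the wish to keep SSLv2 out of the negotiable protocol set, written against the current ssl module. This is an added example, not code from the patch under review or from CPython; it assumes Python 3.7 or later, where SSLContext exposes PROTOCOL_TLS_CLIENT / PROTOCOL_TLS_SERVER and minimum_version (the modern replacement for setting SSL_OP_NO_SSLv2-style option bits). The helper names make_client_context, make_server_context, make_unverified_server_context and audit_context are hypothetical.

```python
import ssl


def make_client_context():
    """Client side: CERT_REQUIRED, since a client must always verify the server.

    Per the thread, in client mode OpenSSL treats CERT_OPTIONAL and
    CERT_REQUIRED the same; CERT_REQUIRED just states the intent plainly.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Assumption: minimum_version is used instead of OP_NO_SSLv2 / OP_NO_SSLv3
    # option bits; it refuses SSLv2, SSLv3, TLS 1.0 and TLS 1.1 outright.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_server_context():
    """Server side: CERT_OPTIONAL (SSL_VERIFY_PEER without FAIL_IF_NO_PEER_CERT).

    Any client certificate that is presented gets verified, but clients that
    present none are still accepted, which matches common server practice.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_unverified_server_context():
    """The weak 'before' configuration: a server context left at its defaults.

    A fresh server context verifies nothing (CERT_NONE); this exists only so
    audit_context() has something to flag.
    """
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def audit_context(ctx):
    """Return a list of problems with a context's verification and version
    settings; an empty list means the context passes both checks."""
    problems = []
    if ctx.verify_mode == ssl.CERT_NONE:
        problems.append("peer certificate is not verified (CERT_NONE)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("legacy protocol versions allowed (minimum_version below TLS 1.2)")
    return problems


if __name__ == "__main__":
    for label, ctx in (
        ("client", make_client_context()),
        ("server", make_server_context()),
        ("unverified server", make_unverified_server_context()),
    ):
        print(label, ctx.verify_mode.name, audit_context(ctx) or "ok")
```

The audit function is the kind of check a warning in the ssl module would perform: it looks at the two settings the thread is about, the peer-verification mode and the lowest protocol version the context will negotiate, rather than at option bits, because OpenSSL releases that have dropped SSLv2 entirely define SSL_OP_NO_SSLv2 as zero and a bit test against it proves nothing.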
Date | User | Action | Args
2010-05-16 10:45:20 | pitrou | set | recipients: + pitrou, exarkun, janssen, vstinner, eric.smith, giampaolo.rodola, heikki
2010-05-16 10:45:18 | pitrou | link | issue8550 messages
2010-05-16 10:45:16 | pitrou | create |