Message214254
This is a simple patch, it simple disables TLS Compression by default. If a user wants to add it back they can create their own SSLContext and do
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.options &= ~ssl.OP_NO_COMPRESSION
This should be able to apply against 3.2+ although it would only be 3.3+ that ssl.OP_NO_COMPRESSION is available to disable it, although a user could still hard code the constant in themselves.
This still leaves 2.7 out in the open here, what I'd like to do is just disable it and if someone really *needs* TLS Compression they can use pyopenssl to get that back. This is a reversal of the current situation where in order to get the safer value you have to use pyopenssl. |
|
Date |
User |
Action |
Args |
2014-03-20 18:11:12 | dstufft | set | recipients:
+ dstufft, ncoghlan, pitrou, christian.heimes, alex, Alex.Stapleton |
2014-03-20 18:11:12 | dstufft | set | messageid: <1395339072.72.0.717925963602.issue20994@psf.upfronthosting.co.za> |
2014-03-20 18:11:12 | dstufft | link | issue20994 messages |
2014-03-20 18:11:12 | dstufft | create | |
|