Author vstinner
Recipients vstinner
Date 2014-10-14.23:11:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Copy of Donald Stuff email sent to python-dev:

A big security breach of SSL 3.0 just dropped a little while ago (named POODLE).
With this there is now no ability to securely connect via SSL 3.0. I believe
that we should disable SSL 3.0 in Python similarly to how SSL 2.0 is disabled,
where it is disabled by default unless the user has explicitly re-enabled it.

The new attack essentially allows reading the sensitive data from within a SSL
3.0 connection stream. It takes roughly 256 requests to break a single byte so
the attack is very practical. You can read more about the attack here at the
google announcement [1] or the whitepaper [2].

Date User Action Args
2014-10-14 23:11:15vstinnersetrecipients: + vstinner
2014-10-14 23:11:15vstinnersetmessageid: <>
2014-10-14 23:11:15vstinnerlinkissue22638 messages
2014-10-14 23:11:15vstinnercreate