This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Arfrever, Lukasa, alex, christian.heimes, dstufft, giampaolo.rodola, janssen, martius, pitrou, vstinner
Date 2014-10-15.12:03:12
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1413374592.56.0.522866076929.issue22638@psf.upfronthosting.co.za>
In-reply-to
Content 
I read the table explaining how SSL/TLS is negociated between the client and the server:
https://docs.python.org/2.7/library/ssl.html#ssl.wrap_socket

I don't understand how I can ask to "use TLS, prefer the most recent version, but don't use SSL"? Should I use TLSv1 which only works with TLS version 1.0? Or TLSv12 and bet that the server implements this newer TLS version?

create_default_context() uses PROTOCOL_SSLv23 with OP_NO_SSLv2 and OP_NO_SSLv3. I don't understand: we ask to use "SSL version 2 or 3" but we disable SSLv2 and SSLv3?

If the client uses PROTOCOL_SSLv23, does it mean that TLS will never be tried?
History
Date User Action Args
2014-10-15 12:03:12vstinnersetrecipients: + vstinner, janssen, pitrou, giampaolo.rodola, christian.heimes, Arfrever, alex, dstufft, Lukasa, martius
2014-10-15 12:03:12vstinnersetmessageid: <1413374592.56.0.522866076929.issue22638@psf.upfronthosting.co.za>
2014-10-15 12:03:12vstinnerlinkissue22638 messages
2014-10-15 12:03:12vstinnercreate