Author pitrou
Recipients Arfrever, Lukasa, alex, christian.heimes, donmez, dstufft, giampaolo.rodola, janssen, martius, pitrou, python-dev, vstinner
Date 2014-10-17.17:33:53
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1413567233.45.0.47377559636.issue22638@psf.upfronthosting.co.za>
In-reply-to
Content
So, I've disabled SSLv3 in _create_stdlib_context() for the next feature release (3.5). By the time it is released, we can consider SSLv3 will be dead.

Related news:
- Opera doesn't disable SSLv3 yet, but implements custom countermeasures:
http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/
- Mozilla doesn't disable SSLv3 yet (it will be disabled in 3 months):
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
History
Date User Action Args
2014-10-17 17:33:53pitrousetrecipients: + pitrou, janssen, vstinner, giampaolo.rodola, christian.heimes, donmez, Arfrever, alex, python-dev, dstufft, Lukasa, martius
2014-10-17 17:33:53pitrousetmessageid: <1413567233.45.0.47377559636.issue22638@psf.upfronthosting.co.za>
2014-10-17 17:33:53pitroulinkissue22638 messages
2014-10-17 17:33:53pitroucreate