Message232489
> Benjamin Peterson added the comment:
>
> On Thu, Dec 11, 2014, at 15:24, Marc-Andre Lemburg wrote:
>>
>> Marc-Andre Lemburg added the comment:
>>
>> On 11.12.2014 20:42, Benjamin Peterson wrote:
>>>
>>> Usually you can pass your own context.
>>
>> Yes, in new code, but not in existing Python 2.7 code that wasn't
>> written for the newly added SSL context feature.
>
> How is modifying code to use a context different from modifying it to
> mess around with a hypothetical ssl.DEFAULT_SSL_OPTIONS?
Hmm, isn't that obvious ?
You only have to add a single line of code to tweak the default
options rather than add context support throughout your application.
>> BTW: Having a way to change the SSL options globally would be useful
>> for Python 3.x as well, since OpenSSL often adds new options and
>> it's not unlikely we'll see an OP_NO_TLSv1 option soon, given its
>> age and similarity to SSLv3...
>> https://www.imperialviolet.org/2014/12/08/poodleagain.html
>> (the poodle strikes back ;-))
>
> That option already exists and is exposed. :)
Right, but it's not used in the current default context.
Hard coding options in a function is not a good idea, really, esp.
not for things that change as often as cipher strings and protocol
options :-) |
|
Date |
User |
Action |
Args |
2014-12-11 20:38:00 | lemburg | set | recipients:
+ lemburg, benjamin.peterson, alex, r.david.murray, dstufft |
2014-12-11 20:38:00 | lemburg | link | issue22866 messages |
2014-12-11 20:37:59 | lemburg | create | |
|