This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author benjamin.peterson
Recipients alex, benjamin.peterson, dstufft, lemburg, r.david.murray
Date 2014-12-12.00:17:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1418343435.85.0.485088456986.issue22866@psf.upfronthosting.co.za>
In-reply-to
Content
People who are using SSLv3 should explicitly pass in a context. Globally enabling SSLv3 will surely be a footgun e.g for apps that talk to an outdated device then request a webpage.

I suppose wishing to globally use more secure defaults is a reasonable request. If someone writes a patch to put default context options in a global variable of the ssl module, we can look at it for 2.7.10.
History
Date User Action Args
2014-12-12 00:17:15benjamin.petersonsetrecipients: + benjamin.peterson, lemburg, alex, r.david.murray, dstufft
2014-12-12 00:17:15benjamin.petersonsetmessageid: <1418343435.85.0.485088456986.issue22866@psf.upfronthosting.co.za>
2014-12-12 00:17:15benjamin.petersonlinkissue22866 messages
2014-12-12 00:17:15benjamin.petersoncreate