Message232505
People who are using SSLv3 should explicitly pass in a context. Globally enabling SSLv3 will surely be a footgun e.g for apps that talk to an outdated device then request a webpage.
I suppose wishing to globally use more secure defaults is a reasonable request. If someone writes a patch to put default context options in a global variable of the ssl module, we can look at it for 2.7.10. |
|
Date |
User |
Action |
Args |
2014-12-12 00:17:15 | benjamin.peterson | set | recipients:
+ benjamin.peterson, lemburg, alex, r.david.murray, dstufft |
2014-12-12 00:17:15 | benjamin.peterson | set | messageid: <1418343435.85.0.485088456986.issue22866@psf.upfronthosting.co.za> |
2014-12-12 00:17:15 | benjamin.peterson | link | issue22866 messages |
2014-12-12 00:17:15 | benjamin.peterson | create | |
|