Message232527
> The changes for 3.4 are incomplete
Ok, I fixed most obvious issues. There is a major severe issue in Lib/ssl.py:
def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
...
This line fails if PROTOCOL_SSLv3 name does not exist. I propose to use PROTOCOL_SSLv23 by default if PROTOCOL_SSLv3 does not exist, as done in Python 3.5. See attached patch.
A better option (more secure?) is to use PROTOCOL_SSLv23 by default.
What do you think? I prefer to switch to PROTOCOL_SSLv23 by default in Python 3.4. |
|
Date |
User |
Action |
Args |
2014-12-12 11:31:40 | vstinner | set | recipients:
+ vstinner, doko, janssen, pitrou, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft, kroeckx |
2014-12-12 11:31:40 | vstinner | set | messageid: <1418383900.7.0.802906239842.issue22935@psf.upfronthosting.co.za> |
2014-12-12 11:31:40 | vstinner | link | issue22935 messages |
2014-12-12 11:31:40 | vstinner | create | |
|