Message232547
SSLv3 does not support the TLS extensions so it's going to send a totally different Client Hello. It will for instance not indicate with elliptic curves it supports. So yes the behavior for SSLv3 and SSLv23 can be totally different. But even with both SSLv23 and a different cipher list you can get a different certificate.
So what I'm really saying is that if you have an API to get a certificate that creates a new connection and you can set the options for that connection too that you need to document that properly that you might get a different certificate. |
|
Date |
User |
Action |
Args |
2014-12-12 13:28:54 | kroeckx | set | recipients:
+ kroeckx, lemburg, doko, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft |
2014-12-12 13:28:54 | kroeckx | set | messageid: <1418390934.75.0.962621340158.issue22935@psf.upfronthosting.co.za> |
2014-12-12 13:28:54 | kroeckx | link | issue22935 messages |
2014-12-12 13:28:54 | kroeckx | create | |
|