Author kroeckx
Recipients alex, benjamin.peterson, christian.heimes, doko, dstufft, giampaolo.rodola, janssen, kroeckx, lemburg, ned.deily, pitrou, python-dev, vstinner
Date 2014-12-12.13:28:54
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1418390934.75.0.962621340158.issue22935@psf.upfronthosting.co.za>
In-reply-to
Content
SSLv3 does not support the TLS extensions so it's going to send a totally different Client Hello.  It will for instance not indicate with elliptic curves it supports.  So yes the behavior for SSLv3 and SSLv23 can be totally different.  But even with both SSLv23 and a different cipher list you can get a different certificate.

So what I'm really saying is that if you have an API to get a certificate that creates a new connection and you can set the options for that connection too that you need to document that properly that you might get a different certificate.
History
Date User Action Args
2014-12-12 13:28:54kroeckxsetrecipients: + kroeckx, lemburg, doko, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft
2014-12-12 13:28:54kroeckxsetmessageid: <1418390934.75.0.962621340158.issue22935@psf.upfronthosting.co.za>
2014-12-12 13:28:54kroeckxlinkissue22935 messages
2014-12-12 13:28:54kroeckxcreate