Message 273772 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	alex, christian.heimes, dstufft, giampaolo.rodola, janssen
Date	2016-08-27.10:30:35
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1472293835.86.0.296775745483.issue27876@psf.upfronthosting.co.za>
In-reply-to

Content
OpenSSL 1.1 has deprecated all version specific TLS/SSL methods in favor of auto-negotiation (formerly known as SSLv23). It also introduced two macros to set the minimal and maximum TLS version with SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version(). The macros can be emulated for OpenSSL < 1.1 with reasonable effort. I suggest that ssl.SSLContext introduces set_version_range(minver, maxver=None) method. It's less awkward to use than fiddling with modes and OP_NO_SSLv3.

OpenSSL 1.1 has deprecated all version specific TLS/SSL methods in favor of auto-negotiation (formerly known as SSLv23). It also introduced two macros to set the minimal and maximum TLS version with SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version(). The macros can be emulated for OpenSSL < 1.1 with reasonable effort.

I suggest that ssl.SSLContext introduces set_version_range(minver, maxver=None) method. It's less awkward to use than fiddling with modes and OP_NO_SSLv3.

History
Date	User	Action	Args
2016-08-27 10:30:35	christian.heimes	set	recipients: + christian.heimes, janssen, giampaolo.rodola, alex, dstufft
2016-08-27 10:30:35	christian.heimes	set	messageid: <1472293835.86.0.296775745483.issue27876@psf.upfronthosting.co.za>
2016-08-27 10:30:35	christian.heimes	link	issue27876 messages
2016-08-27 10:30:35	christian.heimes	create