Message273772
OpenSSL 1.1 has deprecated all version specific TLS/SSL methods in favor of auto-negotiation (formerly known as SSLv23). It also introduced two macros to set the minimal and maximum TLS version with SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version(). The macros can be emulated for OpenSSL < 1.1 with reasonable effort.
I suggest that ssl.SSLContext introduces set_version_range(minver, maxver=None) method. It's less awkward to use than fiddling with modes and OP_NO_SSLv3. |
|
Date |
User |
Action |
Args |
2016-08-27 10:30:35 | christian.heimes | set | recipients:
+ christian.heimes, janssen, giampaolo.rodola, alex, dstufft |
2016-08-27 10:30:35 | christian.heimes | set | messageid: <1472293835.86.0.296775745483.issue27876@psf.upfronthosting.co.za> |
2016-08-27 10:30:35 | christian.heimes | link | issue27876 messages |
2016-08-27 10:30:35 | christian.heimes | create | |
|