Message 372841 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, mhughes
Date	2020-07-02.10:45:02
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1593686703.16.0.118171539419.issue41195@roundup.psfhosted.org>
In-reply-to

Content
I'm not sure it's a good idea to expose a setter for security level. In general the security level is a system-wide policy decision that should be controlled by administrators. Applications should not change this setting. Python libraries tend to follow bad practices and cargo cult when it comes to TLS settings. Many years ago OpenSSL and Linux distributions had bad default settings. Nowadays OpenSSL has good defaults and distributions often set even stricter defaults. A read-only getter for the policy sounds like a good idea, though.

I'm not sure it's a good idea to expose a setter for security level. In general the security level is a system-wide policy decision that should be controlled by administrators. Applications should not change this setting.

Python libraries tend to follow bad practices and cargo cult when it comes to TLS settings. Many years ago OpenSSL and Linux distributions had bad default settings. Nowadays OpenSSL has good defaults and distributions often set even stricter defaults.

A read-only getter for the policy sounds like a good idea, though.

History
Date	User	Action	Args
2020-07-02 10:45:03	christian.heimes	set	recipients: + christian.heimes, mhughes
2020-07-02 10:45:03	christian.heimes	set	messageid: <1593686703.16.0.118171539419.issue41195@roundup.psfhosted.org>
2020-07-02 10:45:03	christian.heimes	link	issue41195 messages
2020-07-02 10:45:02	christian.heimes	create