Message 71404 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	heikki
Recipients	heikki
Date	2008-08-19.03:06:15
SpamBayes Score	0.0005811155
Marked as misclassified	No
Message-id	<1219115176.99.0.339604404005.issue3596@psf.upfronthosting.co.za>
In-reply-to

Content
There should be a way to disable SSLv2 since it is insecure. It would be even better if SSLv2 was disabled out of the box, but maybe there could be a way to re-enable it. I made the default to disable SSLv2 in M2Crypto, but those that want it can explicitly request unsecure connection. You can take a look at http://svn.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/Context.py to see how I did it. Modern web browsers are also removing SSLv2 support from them, so it should be really rare to actually need v2 anywhere.

There should be a way to disable SSLv2 since it is insecure. It would be
even better if SSLv2 was disabled out of the box, but maybe there could
be a way to re-enable it.

I made the default to disable SSLv2 in M2Crypto, but those that want it
can explicitly request unsecure connection. You can take a look at
http://svn.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/Context.py to
see how I did it.

Modern web browsers are also removing SSLv2 support from them, so it
should be really rare to actually need v2 anywhere.

History
Date	User	Action	Args
2008-08-19 03:06:17	heikki	set	recipients: + heikki
2008-08-19 03:06:16	heikki	set	messageid: <1219115176.99.0.339604404005.issue3596@psf.upfronthosting.co.za>
2008-08-19 03:06:16	heikki	link	issue3596 messages
2008-08-19 03:06:15	heikki	create