Rietveld Code Review Tool

#28043: Sane defaults for SSLContext options and ciphers

Created: 1 year, 1 month ago by lists
Modified: 1 year, 1 month ago
Reviewers: donald
CC: Nick Coghlan, bill.janssen_gmail.com, giampaolo.rodola, christian.heimes, alex, devnull_psf.upfronthosting.co.za, dstufft
Visibility: Public.

Patch Set 1

Total comments: 4
Doc/library/ssl.rst: 1 chunk, +9 lines, -1 line, 2 comments
Lib/ssl.py: 2 chunks, +6 lines, -24 lines, 2 comments
Lib/test/test_ssl.py: 5 chunks, +33 lines, -29 lines, 0 comments

Messages

Total messages: 2
dstufft
https://bugs.python.org/review/28043/diff/18439/Doc/library/ssl.rst File Doc/library/ssl.rst (right): https://bugs.python.org/review/28043/diff/18439/Doc/library/ssl.rst#newcode1160 Doc/library/ssl.rst:1160: The context is created with more secure default values. ...
1 year, 1 month ago #1
christian.heimes
1 year, 1 month ago #2
https://bugs.python.org/review/28043/diff/18439/Doc/library/ssl.rst
File Doc/library/ssl.rst (right):

https://bugs.python.org/review/28043/diff/18439/Doc/library/ssl.rst#newcode1160
Doc/library/ssl.rst:1160: The context is created with more secure default values.
On 2016/09/09 23:49:18, dstufft wrote:
> The word `more` here sounds a tiny bit awkward to me. I think this reads better
> if you just omit it.

Thanks, I removed it from my patch.

https://bugs.python.org/review/28043/diff/18439/Lib/ssl.py
File Lib/ssl.py (left):

https://bugs.python.org/review/28043/diff/18439/Lib/ssl.py#oldcode452
Lib/ssl.py:452: context.options |= OP_NO_SSLv2
On 2016/09/09 23:49:18, dstufft wrote:
> Were these added to SSLContext default in a different patch? I don't see that
> change made in this patch.

_ssl__SSLContext_impl() in _ssl.c has been setting the options for a while:

    if (proto_version != PY_SSL_VERSION_SSL2)
        options |= SSL_OP_NO_SSLv2;
    if (proto_version != PY_SSL_VERSION_SSL3)
        options |= SSL_OP_NO_SSLv3;
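
The behaviour discussed in the reply above can be checked from Python at runtime. This is an added example, not part of the review thread or of the patch; the helper names `legacy_protocols_left_enabled` and `audit_contexts` are hypothetical. It reads `SSLContext.options` and reports which of the two legacy protocols named in the thread a context still permits.

```python
import ssl

# Option flags named in the review thread; each one disables a legacy protocol.
LEGACY_FLAGS = {"SSLv2": ssl.OP_NO_SSLv2, "SSLv3": ssl.OP_NO_SSLv3}


def legacy_protocols_left_enabled(ctx):
    """Return the names of legacy protocols that ctx.options does not disable."""
    enabled = []
    for name, flag in LEGACY_FLAGS.items():
        # Compare against the flag itself rather than testing truthiness:
        # a flag can have the value 0 on OpenSSL builds that no longer
        # implement the protocol, and 0 must count as "already disabled".
        if (ctx.options & flag) != flag:
            enabled.append(name)
    return enabled


def audit_contexts():
    """Build contexts the usual ways and report what each leaves enabled."""
    contexts = {
        "SSLContext(PROTOCOL_TLS_CLIENT)": ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT),
        "SSLContext(PROTOCOL_TLS_SERVER)": ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER),
        "create_default_context()": ssl.create_default_context(),
    }
    return {label: legacy_protocols_left_enabled(ctx)
            for label, ctx in contexts.items()}


if __name__ == "__main__":
    for label, left in audit_contexts().items():
        status = "ok" if not left else "still enabled: " + ", ".join(left)
        print(f"{label:35} {status}")
```

The same helper can be pointed at any context an application builds itself, for example one whose options were modified after construction.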
