Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to a modern default for SSL/TLS protocol support #1249

Closed
tilgovi opened this issue Apr 29, 2016 · 3 comments
Closed

Switch to a modern default for SSL/TLS protocol support #1249

tilgovi opened this issue Apr 29, 2016 · 3 comments
Labels
Feature/SSL Improvement

Comments

@tilgovi
Copy link
Collaborator

tilgovi commented Apr 29, 2016

Right now we the constant for TLSv1 (ssl.PROTOCOL_TLSv1). We should switch to ssl.PROTOCOL_TLv1_2 or ssl.PROTOCOL_SSLv23. The latter allows SSLv3 and TLS, and is the Python default meant for broad compatibility. It should be safe for most purposes, especially if #1140 implements server cipher preference.

See #1114.
@tilgovi tilgovi added this to the 20.0.0 milestone Apr 29, 2016
@tilgovi tilgovi mentioned this issue Apr 29, 2016
Closed
@benoitc
Copy link
Owner

benoitc commented May 2, 2016

@tilgovi we only need to change the default in the config for this ticket?

@tilgovi
Copy link
Collaborator Author

tilgovi commented May 2, 2016

Yes.

On Mon, May 2, 2016, 05:41 Benoit Chesneau notifications@github.com wrote:

@tilgovi https://github.com/tilgovi we only need to change the default
in the config for this ticket?


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#1249 (comment)

@benoitc benoitc removed this from the 20.0.0 milestone Oct 16, 2016
@benoitc
Copy link
Owner

benoitc commented Feb 1, 2017

what are the default to support? So we can close the issue?

hramezani pushed a commit to hramezani/gunicorn that referenced this issue Feb 6, 2017
@berkerpeksag @hramezani
Make ssl.PROTOCOL_SSLv23 default for --ssl-version
a2cb861 
Fixes benoitc#1249
mjjbell pushed a commit to mjjbell/gunicorn that referenced this issue Mar 16, 2018
@berkerpeksag
Make ssl.PROTOCOL_SSLv23 default for --ssl-version
c377dbc 
Fixes benoitc#1249
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature/SSL Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benoitc @tilgovi