-
-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl module is missing SSL_OP_NO_SSLv2 #49120
Comments
As came out here: |
Actually, that's not quite true. Specifying TLSv1 or SSLv3 on the |
There are use cases like FTPS where it is desirable that servers support |
I have developed a patch that adds the ability to disable SSLv2, SSlv3 and TLSv1 when using the SSLv23 method. It changes Modules/_ssl.c, Lib/ssl.py and Doc/library/ssl.rst. |
Here is an adapted patch for py3k. It also adds a couple of test cases. |
Here is an updated patch for py3k (the previous one didn't apply cleanly). |
Here is an updated patch, following checkin of the new SSL contexts. Options can be specified as an |
Updated patch adds a couple of words about SSLv2 in the "security considerations" paragraph. Reviewing is welcome. |
It turns out SSL_CTX_clear_options() is not available before OpenSSL 0.9.8m. I adapted my patch to raise a ValueError when trying to clear options on older versions of OpenSSL. Setting additional options still works, though. |
I would like to move forward on this. Does anyone have any comments or objections to the current proposal? |
I like the approach of providing this feature as a single attribute instead of two separate methods (set/get_options()). |
This was committed in r81392. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: