New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL Ciphers RC4 #67867
Comments
The documentation (https://docs.python.org/2/library/ssl.html) says: But it still seems to use RC4: https://www.howsmyssl.com/a/check Also the test at https://www.ssllabs.com/ssltest/viewMyClient.html says it still supports SSLv3 (not so sure about this one). |
I believe RC4 will still be used under 2.7.9 on clients, this is changed for 2.7.10 |
RC4 is dropped in the next releases. |
You can explicitly disable RC4 if you create a SSLContext and then call set_ciphers() with the right list of ciphers. See for examples cipher lists of Python 2.7 (development branch): Add ":!RC4" at the end of the cipher list to disable RC4. OpenSSL cipher list format: |
So it seems the docs are wrong. |
They're correct for the next release. :( |
But the doc explicitly says 2.7.9, so no, they are not correct. There also should be versionchanged directive, I think. |
New changeset e1dfa5f0709f by Benjamin Peterson in branch '2.7': New changeset 2a6a63828a40 by Benjamin Peterson in branch '3.4': New changeset 87c102d0df39 by Benjamin Peterson in branch 'default': |
That was fast, great job! For the record: The SSLv3 issue I also wrote about was a false positive because the test only works with Javascript. Python 2.7.9 has SSLv3 disabled by default as it should. urllib2.urlopen("https://sslv3.dshield.org") # fails as it should |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: