[issue32008] Example suggest to use a TLSv1 socket
New submission from Kurt Roeckx <kurt@roeckx.be>: Here: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname And here: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.check_hostname It uses ssl.PROTOCOL_TLSv1, which is a bad example. Please change it to PROTOCOL_SSLv23 or PROTOCOL_TLS. (Those were the first 2 examples I could find via google on how to create an ssl connection using python.) ---------- assignee: docs@python components: Documentation messages: 306093 nosy: docs@python, kroeckx priority: normal severity: normal status: open title: Example suggest to use a TLSv1 socket type: enhancement _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Cheryl Sabella <chekat2@gmail.com> added the comment: Christian, Would you have any feedback on this? Thanks! ---------- nosy: +christian.heimes, csabella _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by Benjamin Peterson <benjamin@python.org>: ---------- keywords: +patch pull_requests: +5570 stage: -> patch review _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Benjamin Peterson <benjamin@python.org> added the comment: New changeset e9edee0b65650c4f9db90cefc2e9a8125bad762c by Benjamin Peterson in branch 'master': bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) https://github.com/python/cpython/commit/e9edee0b65650c4f9db90cefc2e9a8125ba... ---------- nosy: +benjamin.peterson _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by miss-islington <mariatta.wijaya+miss-islington@gmail.com>: ---------- pull_requests: +5571 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by miss-islington <mariatta.wijaya+miss-islington@gmail.com>: ---------- pull_requests: +5572 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by Benjamin Peterson <benjamin@python.org>: ---------- pull_requests: +5573 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
miss-islington <mariatta.wijaya+miss-islington@gmail.com> added the comment: New changeset e5d38deb045d0907e6fcf82af8d2d8f0556a8591 by Miss Islington (bot) in branch '3.7': bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) https://github.com/python/cpython/commit/e5d38deb045d0907e6fcf82af8d2d8f0556... ---------- nosy: +miss-islington _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
miss-islington <mariatta.wijaya+miss-islington@gmail.com> added the comment: New changeset f8a794c04c8d375da279fc830770a5e6b4f363fb by Miss Islington (bot) in branch '3.6': bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) https://github.com/python/cpython/commit/f8a794c04c8d375da279fc830770a5e6b4f... ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Benjamin Peterson <benjamin@python.org> added the comment: New changeset 6c7edba1665ea676328c6b50f92e8423c8f0d164 by Benjamin Peterson in branch '2.7': [2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792) https://github.com/python/cpython/commit/6c7edba1665ea676328c6b50f92e8423c8f... ---------- resolution: -> fixed stage: patch review -> resolved status: open -> closed _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Christian Heimes <lists@cheimes.de> added the comment: For 3.6 to 3.8 I'd prefer TLS_PROTOCOL_CLIENT. It also sets check_hostname and verify_mode to sane, safe values, too. ---------- resolution: fixed -> stage: resolved -> needs patch status: closed -> open versions: +Python 3.6, Python 3.7, Python 3.8 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Christian Heimes <lists@cheimes.de> added the comment: Err, I meant PROTOCOL_TLS_CLIENT:
import ssl context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.check_hostname True context.verify_mode <VerifyMode.CERT_REQUIRED: 2>
---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by Christian Heimes <lists@cheimes.de>: ---------- pull_requests: +5576 stage: needs patch -> patch review _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Cheryl Sabella <cheryl.sabella@gmail.com> added the comment: @christian.heimes, this one looks ready to merge and close. Please take a look when you get a chance. Thanks! ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Stéphane Wirtel <stephane@wirtel.be> added the comment: New changeset 894d0f7d5542ee04556ec1bee8c58506f7c916d4 by Stéphane Wirtel (Christian Heimes) in branch 'master': bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) https://github.com/python/cpython/commit/894d0f7d5542ee04556ec1bee8c58506f7c... ---------- nosy: +matrixise _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by miss-islington <mariatta.wijaya+miss-islington@gmail.com>: ---------- pull_requests: +15649 pull_request: https://github.com/python/cpython/pull/16026 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Change by Stéphane Wirtel <stephane@wirtel.be>: ---------- pull_requests: +15650 pull_request: https://github.com/python/cpython/pull/16027 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Stéphane Wirtel <stephane@wirtel.be> added the comment: New changeset 07b4148f3932ed22f9cd8476f49bd0079d093590 by Stéphane Wirtel (Miss Islington (bot)) in branch '3.7': bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-16026) https://github.com/python/cpython/commit/07b4148f3932ed22f9cd8476f49bd0079d0... ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Stéphane Wirtel <stephane@wirtel.be> added the comment: New changeset 1fc84b64f9f740f2dc089da1d061dfdd5b438d3c by Stéphane Wirtel in branch '3.8': [3.8] bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-16027) https://github.com/python/cpython/commit/1fc84b64f9f740f2dc089da1d061dfdd5b4... ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
Stéphane Wirtel <stephane@wirtel.be> added the comment: Hi, I have merged the PR of Christian for master, 3.8 & 3.7 Thank you so much, ---------- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: +Python 3.9 -Python 3.6 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue32008> _______________________________________
participants (6)
-
Benjamin Peterson -
Cheryl Sabella
-
Christian Heimes
-
Kurt Roeckx
-
miss-islington
-
Stéphane Wirtel