[docs] ssl.create_default_context
Christoph Egger
egger at cs.fau.de
Fri Oct 19 05:53:23 EDT 2018
Hi!
```
The settings are: PROTOCOL_TLS, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4 and without unauthenticated cipher suites. Passing SERVER_AUTH as purpose sets verify_mode to CERT_REQUIRED and either loads CA certificates (when at least one of cafile, capath or cadata is given) or uses SSLContext.load_default_certs() to load default CA certificates.
```
`SERVER_AUTH` not only sets `CERT_REQUIRED` but also `check_hostname` to `True`. As this is critical information for users with some familiarity with python’s SSL library the documentation should mention it (especially as it talks explicitly about the `CERT_REQUIRED` part)
https://github.com/python/cpython/blob/master/Lib/ssl.py#L567
Thanks!
Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5315 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/docs/attachments/20181019/1037b70a/attachment-0001.bin>
More information about the docs
mailing list