[New-bugs-announce] [issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)
report at bugs.python.org
Wed Oct 15 01:11:15 CEST 2014
New submission from STINNER Victor:
Copy of Donald Stuff email sent to python-dev:
A big security breach of SSL 3.0 just dropped a little while ago (named POODLE).
With this there is now no ability to securely connect via SSL 3.0. I believe
that we should disable SSL 3.0 in Python similarly to how SSL 2.0 is disabled,
where it is disabled by default unless the user has explicitly re-enabled it.
The new attack essentially allows reading the sensitive data from within a SSL
3.0 connection stream. It takes roughly 256 requests to break a single byte so
the attack is very practical. You can read more about the attack here at the
google announcement  or the whitepaper .
title: ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 3.5
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce