[New-bugs-announce] [issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
report at bugs.python.org
Sun Nov 1 14:10:54 EST 2015
New submission from Alex Gaynor:
SSLv3 is broken, both _create_unverified_context and create_default_context turn it off, but we should make all contexts turn it off, like we do for SSLv2.
A patch is attached.
components: Library (Lib)
keywords: needs review, patch, security_issue
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
title: ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
versions: Python 2.7, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file40920/sslv3.diff
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce