[New-bugs-announce] [issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
Alex Gaynor
report at bugs.python.org
Sun Nov 1 14:10:54 EST 2015
New submission from Alex Gaynor:
SSLv3 is broken, both _create_unverified_context and create_default_context turn it off, but we should make all contexts turn it off, like we do for SSLv2.
A patch is attached.
----------
components: Library (Lib)
files: sslv3.diff
keywords: needs review, patch, security_issue
messages: 253868
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
versions: Python 2.7, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file40920/sslv3.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25530>
_______________________________________
More information about the New-bugs-announce
mailing list